There seems to be alot of information but no solid steps to this.
I have traffic coming in and being directed towards a central flash file. This flash file is a big resource with a lot of linked material. The flash file and every .cfm file is protected by code in the header and application pages. This leaves direct links to the files exposed.
My need is two fold and I believe they can both help each other.
1) If no one knows the name of the file.. they goto download the link.. I would like to hide the file location and force a save as dialog box
2) If someone should guess the path to the file and type it in directly - how to prevent those requests.
I had started playing around with forcing everyone to a FileDownload.cfm which is does some hiding and protected by the application code - but it still leaves files wide open.. I have something like so...
<cfset docN = URL.docN>
<cfset docD = URL.docD>
<cfheader name="Content-Disposition" value="attachment;filename=#docN#">
<cfheader name="Content-Description" value="Resource file.">