CF and PDF in a secure environment

I am using CF9. My problem is with an admin application that sets session variables on login to determine user and user rights. Depending on the user level, certain pages are allowed to be viewed and other pages are prohibited. (I'll refer to this as my “security infrastructure.” It's wrapped around everything at the root.)

This security structure consists of a statement cfif at the top of the CFM page and a closure cfelse and (</)cfif at the bottom of the page. Anything between this opening cfif and closing cfif is displayed if the user has this level of permission - standard stuff.

Some users can download PDF files without any problem. PDF files are downloaded to a folder outside of the root and then moved and renamed to folders inside the root.

On boot, the user selects categories and subcategories, etc., and these variables are inserted into the SQL database during the boot process. So I have file_files and filenames etc. to set up dynamic links on the page so that the user can click and download the PDF (password protected) in the browser.

I have a dynamic link pointing to ShowThisPDF.cfm? with URL variables filePath= #filePath# & fileName = #fileName#. I have configured ShowThisPDF.cfm with a security framework at the top and bottom of the page and am trying to copy the downloaded PDF to this page so that the PDF is displayed in the browser.

I have tried many ways to do this by using cfdocument and cfpdf and cfcontent etc. When I read the error it throws, it looks like it reaches the uploaded file, but I get "access denied" every time, due to security concerns I suppose.

On the other hand, elsewhere in this application, I can generate a PDF from my cf pages using cfdocument with a security scope wrapped around the page and that works great - displaying the PDF in the browser. My problem is uploading an existing PDF to a security-scoped CFM page, which should allow the PDF to upload.

Does anyone have an idea how I can accomplish the above? I don't like trying to bypass my security and it seems logical to "copy" the downloaded PDF to a CFM page that wraps the PDF in a security framework and then displays the PDF in the browser.

+3
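An added example, not part of the original question or answer: one way a page like ShowThisPDF.cfm could stream a stored PDF behind the same session check, taking only a file name from the URL and resolving it under a fixed directory outside the web root so the file has no direct link that skips the check. The session key session.userLevel, the level threshold of 2 and the D:\secure_pdfs path are assumptions made for illustration.

```cfml
<!--- ShowThisPDF.cfm: added example. session.userLevel, the level 2
      threshold and the D:\secure_pdfs path are assumptions. --->
<cfsetting showdebugoutput="false">
<cfparam name="url.fileName" default="">

<!--- Same gate as the page-level cfif: no session or low level, no file. --->
<cfif NOT structKeyExists(session, "userLevel") OR session.userLevel LT 2>
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<!--- Accept a bare file name only: no slashes, no "..", must end in .pdf. --->
<cfif NOT reFindNoCase("^[A-Za-z0-9_\-]+(\.[A-Za-z0-9_\-]+)*\.pdf$", url.fileName)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
</cfif>

<!--- The directory is fixed in code; the request never supplies a path. --->
<cfset baseDir = createObject("java", "java.io.File").init("D:\secure_pdfs").getCanonicalPath()>
<cfset target = createObject("java", "java.io.File").init(baseDir, url.fileName).getCanonicalFile()>

<!--- After canonicalization the file must sit directly in baseDir and exist. --->
<cfif target.getParent() NEQ baseDir OR NOT target.isFile()>
    <cfheader statuscode="404" statustext="Not Found">
    <cfabort>
</cfif>

<cfheader name="Content-Disposition" value='inline; filename="#url.fileName#"'>
<cfheader name="X-Content-Type-Options" value="nosniff">
<!--- reset discards any output buffered so far, then the PDF bytes are sent. --->
<cfcontent type="application/pdf" file="#target.getPath()#" reset="true">
```

The account the ColdFusion service runs as needs read permission on the storage directory for cfcontent to open the file.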




1 answer


Agree with Dan - I had a similar problem. So I ended up with https: using Windows login as well as ColdFusion login to web application. At the end of the day - they need 2 logins to login - then they can see PDF files, etc. Or whatever they want.



0

