
Document folder outside of webserver

Participant, Feb 23, 2015

Hi,

At my facility we have access to drives that are up to a TB in size.  We have a lot of documents we plan to scan and save "online".  Currently our web servers are relatively small, the one I am on now is only 20GB and it's almost full.

Can I upload documents through a web page to a drive that is not on the web server, and also build a page that links to those documents so that users can open them?

Thanks

Participant, Feb 26, 2015

Is this possible?  If yes, could someone point me to some reference documents for this?  Also, if it's not possible, that would be great to hear also.

Thank you

Advocate, Feb 26, 2015

It's not something you can natively do without using some form of web service. For example, we use Amazon S3 to store all our documents and images and use the built-in S3 support in ColdFusion to process them user side. This way you just pay for what you need to.

Participant, Feb 26, 2015

Okay, thanks.  That helps with our decision on how to progress.  We'll buy more webspace.

As I mentioned, all of the drives would be in-house behind our firewall; I can't store these documents on Amazon.

Surprisingly I can have a 1TB drive for free, but I need to pay (handsomely) for webspace.

Engaged, Feb 26, 2015

This is totally possible without using a web service.  But it all depends on a few factors like network connectivity to storage and web server OS.  Can you explain a little about your environment and what you are running?

Participant, Feb 26, 2015

Thanks.

We are currently using CF9, but I will be moving the site to a CF10 server.  Please keep in mind I am not a network person, nor a CF person, nor a programmer of any sort, so my terminology is likely wrong.

On the CF10 server the database is on a separate MS SQL server.  Our IT department set up permissions to allow the web server to "talk" to the database server and it works fine.

We have shared file systems available.  I presume our IT people would also be able to let the web server talk to that drive?

Currently the files are stored outside of the web directory, but on the same server.  I use this file to retrieve them from a link:

<cfif fileexists('H:\scanned_files\#url.filename#.pdf')>
    <cfheader name="Content-disposition" value="attachment;filename=#url.filename#.pdf">
    <cfcontent file="H:\scanned_files\#url.filename#.pdf" deletefile="false">
<cfelse>
    File not found...
</cfif>

Engaged, Feb 26, 2015 (marked as correct answer)

First, you shouldn't be using a url var in a file path.  This leads to directory traversal attacks.

Here is how you can make this work...

  • First, make sure CF is running as a specific user.  It should be already if the lockdown guide was followed.
  • Take the same credentials that CF is running as (user/password) and create an identical account on the server where the files are stored.
  • Create a share on the server to the files, giving the CF user read permissions.
  • Change your code to use a UNC path to get to the file.

<cfset fileName = url.filename>
<!--- validate that the filename field is in an expected format --->
<!--- always use forward slashes for file paths.  That way if the code moves to a linux based server you don't have to change anything. --->
<cfset fullPath = "//server/share/path/to/file/#fileName#.pdf">
<cfif fileexists(fullPath)>
    <cfheader name="Content-disposition" value="attachment;filename=#fileName#.pdf">
    <cfcontent file="#fullPath#" deletefile="false">
<cfelse>
    File not found...
</cfif>

HTH,

--Dave
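
One way to fill in the validation step that the answer above leaves as a comment; this is an added example, not part of the original post. It assumes scanned files are named with letters, digits, underscores and hyphens only, and it reuses the placeholder share path from the answer.

```cfml
<!--- Added example. Assumptions: file names contain only letters, digits,
      underscores and hyphens; baseDir is the placeholder share from the answer. --->
<cfset baseDir = "//server/share/path/to/file">
<cfparam name="url.filename" default="">
<cfset fileName = trim(url.filename)>

<!--- Allow-list check: dots, slashes and backslashes never match, so a value
      that tries to leave the share is rejected before any path is built. --->
<cfif NOT reFind("^[A-Za-z0-9_-]{1,100}$", fileName)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfoutput>Invalid file name.</cfoutput>
    <cfabort>
</cfif>

<!--- Defence in depth: resolve the path and confirm the file's parent
      directory is still the share directory. --->
<cfset baseCanon = createObject("java", "java.io.File").init(baseDir).getCanonicalPath()>
<cfset target = createObject("java", "java.io.File").init(baseDir & "/" & fileName & ".pdf").getCanonicalFile()>

<cfif compare(target.getParent(), baseCanon) NEQ 0 OR NOT fileExists(target.getPath())>
    <cfheader statuscode="404" statustext="Not Found">
    <cfoutput>File not found...</cfoutput>
    <cfabort>
</cfif>

<!--- Only the validated name reaches the response header and the file read. --->
<cfheader name="Content-Disposition" value='attachment; filename="#fileName#.pdf"'>
<cfcontent type="application/pdf" file="#target.getPath()#" deletefile="false">
```

The same check applies unchanged to the original `H:\scanned_files` location; only `baseDir` differs.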

Participant, Mar 10, 2015

This is making me very sad; clearly I am in so far over my head I may not be able to accomplish this.

I simply installed CF9 on my webserver; I did not follow the 35-page lockdown guide.  I just tried, but got far too lost.

I know this is an ignorant thing to say, but I am not worried about security.  This is a locked down site that is behind our institution's firewall and no one has access to it besides my department.  Plus we aren't storing financial data, or world secrets.  It is working fine for us, except we are quickly running out of space.

I now have access to a drive (also behind our firewall), but it seems without these permissions being applied I will not be able to access the test files I have created.

Thanks
