How to force users to log in to download documents, when they have a direct link to the documents?

Question

Okay, here is the situation. A group of people I work with have an education site that they manage. Most of the site content is in the form of documents that can be downloaded. Users log in, and then they can view the categories of documents, and download them. The download links on the pages are the direct links to the documents.

The issue that has been discovered, is that someone can download the documents if they have the direct link (e.g. if someone else has e-mailed it to them), without logging in. Right now, every page on the site checks whether a user is logged in before allowing them access to the pages, but of course the Word and PDF documents don't have that same protection, so if someone downloads them from a direct link, they aren't going via the site.

Is there any way to protect these documents from being downloaded this way, or to force the user to log in first? The people who manage the site are concerned that people who don't have logins for the site are able to access documents that they shouldn't. The site is written in ColdFusion, by the way.

Edit: Okay, I'm trying to implement Steve's solution as the following:

<cfheader name="Content-Type" value="unknown">
<cfheader name="Content-Disposition" value="attachment; filename='#resourceName#'">
<cfcontent file="#resourceData.ResourcePath#" type="Application/unknown" deleteFile="no">

It works fine for .jpeg and pdf, but for other document types, like Word, it downloads a zipped file full of .xml files (specifically, subfolders named "_rels", "docProps", and "word" with .xml files inside, and an additional top-level file named "[Content_Types].xml"). If I set the content type to a Word mimetype, it downloads fine. Any ideas?

Edit: Okay, I don't know how to solve the problem using 'Application/Unknown' as the file type, but if I get the mimetype using getPageContext().getServletContext().getMimeType(), I can put that in for the type. Unfortunately I am still having an issue in that this function isn't working to retrieve mimetypes for the newer Office document types. Our server guy is taking a look. If I have to, I'll set up some logic to detect .docx/.pptx/.xlsx files and use getPageContext().getServletContext().getMimeType() to detect the mimetypes of other documents. But any suggestions for making this work with 'Application/Unknown' would be welcome.

Answer 1

Here is an example of a setup that I use:

<a href="retrieveFile.cfm?filename=#filename#">Download #filename#</a>

Then the contents of retrieveFile.cfm would look like this:

<cfheader name="Content-Type" value="unknown">
<cfheader name="Content-Disposition" value='attachment; filename="#filename#"'>

<cfcontent type="Application/Unknown" file="C:\files\#filename#" deletefile="no">

Adjust variables and paths to fit your application. You could also pass in an ID number and reference a database table and then pull your values from a database table.

Since retrieveFile.cfm is a .cfm file the security can be handled by your application.cfc and access can be restricted to people who are logged in.

This solution can limit access to pdf, .doc, .jpg, etc....

Answer 2

Once they got the direct link, they can do whatever they want unless you add security on the web server level. However by that time it's usually limited to HTTP Basic Authenticate and it's not easy to authenticate against your DB of user credentials.

The preferred ways would be making the files non-web accessible and shift the file serving responsibility to the application layer aka CF :

• handle the file serving on CF using <cfcontent> (ok with light load / small files, see steve's answer)
• use mod_xsendfile on Apache or IIS (through Apache Emulator) (recomeneded)
• move file to a url with random filename, and clean up the file after x minutes through cfscheduler. (more like a hack, but it has worked for many)