Any static files (html, jpg, css, pdf, mdb(lol), etc) can be secured by placing them outside the web root and using cfheader
and cfcontent
to access the files. Your CFM file with cfheader
and cfcontent
should be covered by your application security.
<cfheader name="content-disposition" value="attachment; filename=myAwesomeAccessDatabaseIsTheBombDigity.mdb">
<cfcontent type="application/x-msacces" file="c:\NotMyWebsite\myAwesomeAccessDatabaseIsTheBombDigity.mdb">
Doing this with an HTML
file is kind of silly though because the linked assets (CSS, JS, JPG, etc) won't be accessible if they are also below your web root. Html, css, js, images (unless you're running a graphic sales website) don't usually need to be protected like that.