-
ASP and User/Directory authentication
On a server I have 3 directories:
1)a directory in which I store original images (JPG)
2)a directory in which I store thumbnails
3)a directory in which I store previews
I built a database application (with user authentication) to browse the image
catalogue. The user can also add images in a shopping basket. Now
I would like to redirect the user to a page where he can download the images
he has selected. I can do this but my problem is: how to secure the original
files from beeing downloaded? This because I can read the path in the source
of the HTML file and with a little imagination I can type the full path in
the browser. I would like to manage all access rights with my own database
application, not from the windows conventional security methods.
Thank you.
-
Re: ASP and User/Directory authentication
Q*bert
Don't allow access to the original files. At run time, create directory
(after check out) and copy all the files desired to be downloaded to that
directory, after the checkout is complete and files downloaded, delete the
directory. (or do as a batch process each evening or something)
This assumes:
1) you have premission to create directories on the fly
2) don't have a major concern about drive space.
Hope this helps.
Q*bert
@(#*&$
"Marco Benedetti" <marco.benedetti@bluewin.ch> wrote:
>
>On a server I have 3 directories:
>1)a directory in which I store original images (JPG)
>2)a directory in which I store thumbnails
>3)a directory in which I store previews
>I built a database application (with user authentication) to browse the
image
>catalogue. The user can also add images in a shopping basket. Now
>I would like to redirect the user to a page where he can download the images
>he has selected. I can do this but my problem is: how to secure the original
>files from beeing downloaded? This because I can read the path in the source
>of the HTML file and with a little imagination I can type the full path
in
>the browser. I would like to manage all access rights with my own database
>application, not from the windows conventional security methods.
>Thank you.
-
Re: ASP and User/Directory authentication
Do not allow direct access to the downloadable files, simply use an accessible
ASP file to read the file and response.binarywrite the contents to the ouput
stream. Be sure to construct the headers appropriately and finally use a
meta tag to give it the correct filename for download.
By using an ASP page in this manner you can fulfill your security aspects
and allow a way to programatically allow access without unlimited download
capabilities.
"Marco Benedetti" <marco.benedetti@bluewin.ch> wrote:
>
>On a server I have 3 directories:
>1)a directory in which I store original images (JPG)
>2)a directory in which I store thumbnails
>3)a directory in which I store previews
>I built a database application (with user authentication) to browse the
image
>catalogue. The user can also add images in a shopping basket. Now
>I would like to redirect the user to a page where he can download the images
>he has selected. I can do this but my problem is: how to secure the original
>files from beeing downloaded? This because I can read the path in the source
>of the HTML file and with a little imagination I can type the full path
in
>the browser. I would like to manage all access rights with my own database
>application, not from the windows conventional security methods.
>Thank you.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
Forum Rules
|
Top DevX Stories
Easy Web Services with SQL Server 2005 HTTP Endpoints
JavaOne 2005: Java Platform Roadmap Focuses on Ease of Development, Sun Focuses on the "Free" in F.O.S.S.
Wed Yourself to UML with the Power of Associations
Microsoft to Add AJAX Capabilities to ASP.NET
IBM's Cloudscape Versus MySQL
|
Reply With Quote
Bookmarks