Best approach to locking down a single file on a public website?

Discussion in 'ASP General' started by John Heitmuller., May 28, 2009.

  1. Conceptually, what is the best approach here?

    I am implementing a public website in the following environment.
    • Windows 2003 Server w/ IIS 6.
    • Anonymous access enabled via the IUSR_machinename account.
    • Classic .asp fro server side scripting

    I have a small encrypted data file in the root directory of the
    website. Right now if the user enters the url into their browser
    http://www.mypublicdomain.com/myencrytedfile.dat the user can download
    the encrypted file.

    The .asp scripts need access to the encrypted file. I am assuming
    that the .asp scripts are running under the IUSR_machinename account.
    I need to be able to allow my .asp scripts to access the file, while
    preventing anonymous users from seeing (and downloading) the file.

    If I can get pointed in the right direction I think I can work out the
    details.

    Thanks,
    John
    John Heitmuller., May 28, 2009
    #1
    1. Advertising

  2. John Heitmuller.

    Evertjan. Guest

    John Heitmuller. wrote on 28 mei 2009 in
    microsoft.public.inetserver.asp.general:

    > Conceptually, what is the best approach here?
    >
    > I am implementing a public website in the following environment.
    >  Windows 2003 Server w/ IIS 6.
    >  Anonymous access enabled via the IUSR_machinename account.
    >  Classic .asp fro server side scripting
    >
    > I have a small encrypted data file in the root directory of the
    > website. Right now if the user enters the url into their browser
    > http://www.mypublicdomain.com/myencrytedfile.dat the user can download
    > the encrypted file.
    >
    > The .asp scripts need access to the encrypted file. I am assuming
    > that the .asp scripts are running under the IUSR_machinename account.
    > I need to be able to allow my .asp scripts to access the file, while
    > preventing anonymous users from seeing (and downloading) the file.
    >
    > If I can get pointed in the right direction I think I can work out the
    > details.


    Simplest is to tell no one the name of the file or preferably the name of
    the subdirectory, while you have disabled directory browsing in IIS.

    You can disable a directory to be accessed for downloading.

    You can upgrade to windows 2008, where the rootdirectory and all but one
    subdirectory is by default outside the www view/reach.

    I do not believe in "best approach" as a NG Q,
    as this is subject to your personal preferences and possibilities,
    even concepually so.

    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress)
    Evertjan., May 28, 2009
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Charles A. Lackman
    Replies:
    1
    Views:
    1,304
    smith
    Dec 8, 2004
  2. SpamProof
    Replies:
    0
    Views:
    524
    SpamProof
    Oct 21, 2003
  3. Timasmith
    Replies:
    4
    Views:
    438
    Bjorn Borud
    Nov 1, 2006
  4. Randy Kramer
    Replies:
    2
    Views:
    383
    Randy Kramer
    Jan 12, 2007
  5. Joe Attardi
    Replies:
    1
    Views:
    97
Loading...

Share This Page