Best approach to locking down a single file on a public website?

John Heitmuller.

Conceptually, what is the best approach here?

I am implementing a public website in the following environment.
• Windows 2003 Server w/ IIS 6.
• Anonymous access enabled via the IUSR_machinename account.
• Classic .asp for server side scripting

I have a small encrypted data file in the root directory of the
website. Right now if the user enters the url into their browser
http://www.mypublicdomain.com/myencrytedfile.dat the user can download
the encrypted file.

The .asp scripts need access to the encrypted file. I am assuming
that the .asp scripts are running under the IUSR_machinename account.
I need to be able to allow my .asp scripts to access the file, while
preventing anonymous users from seeing (and downloading) the file.

If I can get pointed in the right direction I think I can work out the
details.

Thanks,
John
 
Evertjan.

John Heitmuller. wrote on 28 May 2009 in
microsoft.public.inetserver.asp.general:

> Conceptually, what is the best approach here?
>
> I am implementing a public website in the following environment.
> • Windows 2003 Server w/ IIS 6.
> • Anonymous access enabled via the IUSR_machinename account.
> • Classic .asp for server side scripting
>
> I have a small encrypted data file in the root directory of the
> website. Right now if the user enters the url into their browser
> http://www.mypublicdomain.com/myencrytedfile.dat the user can download
> the encrypted file.
>
> The .asp scripts need access to the encrypted file. I am assuming
> that the .asp scripts are running under the IUSR_machinename account.
> I need to be able to allow my .asp scripts to access the file, while
> preventing anonymous users from seeing (and downloading) the file.
>
> If I can get pointed in the right direction I think I can work out the
> details.

Simplest is to tell no one the name of the file or preferably the name of
the subdirectory, while you have disabled directory browsing in IIS.

You can disable a directory to be accessed for downloading.

You can upgrade to Windows 2008, where the root directory and all but one
subdirectory are by default outside the www view/reach.

I do not believe in "best approach" as a NG Q,
as this is subject to your personal preferences and possibilities,
even conceptually so.
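
An added example, not code from either poster: one way to keep the data file "outside the www view/reach" on IIS 6 while the .asp scripts still read it. A script opens files through the file system under the anonymous account, not through a URL, so the file only needs NTFS Read for IUSR_machinename and does not need to sit under the site's home directory. The D:\Sites\... paths and the ReadPrivateFile helper are assumptions made for illustration.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' Assumed layout (hypothetical paths):
'   D:\Sites\mysite\wwwroot\   <- IIS home directory, reachable by URL
'   D:\Sites\mysite\private\   <- not mapped to any URL or virtual directory;
'                                 NTFS Read granted to IUSR_machinename
Const PRIVATE_DIR = "D:\Sites\mysite\private\"
Const adTypeBinary = 1

' Returns the file's bytes, or Null if the name is not a bare file name
' or the file does not exist. Rejecting anything with a path component
' means a value derived from the request cannot point outside PRIVATE_DIR.
Function ReadPrivateFile(fileName)
    Dim fso, stream, fullPath
    ReadPrivateFile = Null

    Set fso = Server.CreateObject("Scripting.FileSystemObject")
    If fileName = "" Or fso.GetFileName(fileName) <> fileName Then Exit Function

    fullPath = fso.BuildPath(PRIVATE_DIR, fileName)
    If Not fso.FileExists(fullPath) Then Exit Function

    Set stream = Server.CreateObject("ADODB.Stream")
    stream.Type = adTypeBinary
    stream.Open
    stream.LoadFromFile fullPath
    ReadPrivateFile = stream.Read   ' whole file as a byte array
    stream.Close
End Function

Dim blob
blob = ReadPrivateFile("myencrytedfile.dat")
If IsNull(blob) Then
    ' Fail without revealing the path or the reason to the client.
    Response.Status = "500 Internal Server Error"
    Response.End
End If
' ... decrypt and use blob server-side; it is never written to the response ...
%>
```

After moving the file, requesting the old URL from a browser should return 404, which confirms the file is no longer served directly.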
 
