controlled access in fso

W

WC Justice

I have a SQL Server-driven website with public and secure areas. Anonymous
connection is via IUSR and authentication for the secure area is done via
asp. Several pages first authenticate with asp and then use the fso to
provide access to certain files for downloading or viewing via hyperlink.
Up to this point, I am satisfied that I am able to control access to certain
files and folder.

The problem arises that, if an internet user guesses the path and filename,
he can download a file through the browser. The actual files are outside of
the website tree, and are accessed via virtual directories. I have tried to
fix this by limiting access to the base folder to internal users only and
creating a user "IFSO" that has external access.

Where I am at this point is that I get a "File Not Found" error when the
fso.getfolder method tries to execute. Can I pass userid and password
arguments in the getfolder method? If not, do you have any ideas as to how
to give the website access to these folders without giving the public
unrestricted access to them?

Thank you
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,902
Latest member
Elena68X5

Latest Threads

Top