Encrypt String or different approach

  • Thread starter Gary Townsend (Spatial Mapping Ltd.)
  • Start date
G

Gary Townsend (Spatial Mapping Ltd.)

Good afternoon,

I am building an application that uses ASP .NET, and Blackmoon FTP
Server, My plan currently is to automate some user processes one of
those processes is to allow them to download files in their FTP Root
directories via HTTP for our clients who are behind firewalls which
prevent them from using the FTP protocol.

So to this end i have created a page which lists all thier files out,
then provides a link that would spawn a new window which would initiate
the transfer. Couple problems exist for me being that i have only been
using ASP .NET for 2 weeks now my question is this.

1) Is there possibly a better way to initiate the file transfer without
spawning a new window

2) if spawning a new window is the route i go is there a way to encrypt
the string i send to the new page so that people can hack the file
transfer page to download any files they want.

Any suggestions on improving my approach to this problem are also welcome.


Gary Townsend
Systems and Web Developer
Spatial Mapping Ltd.
http://www.spatialmapping.com
250 564 1928
 
G

Gary Townsend (Spatial Mapping Ltd.)

By the way point to should read "so that people CAN NOT hack "
 
J

Jeff Dillon

Don't use a GET (using a querystring), but rather a POST to the target page.
The user then won't see any info in the address bar

jeff
 
P

Paul Ingles

Don't use a GET (using a querystring), but rather a POST to the target
page.
The user then won't see any info in the address bar

But it'd still be open by viewing the contents of the HTTP request.

To answer the original questions:

1) You could always use a URL Rewriter or something that would inspect the
request, and transfer the location to the actual URL.

2) Encrypting the string is a fairly sound approach in my opinion, but you
need to ensure the key is kept securely. Have a look at the DPAPI articles
on MSDN, they've got some good suggestions for that kind of thing.
 
J

Jeff Dillon

Excuse me? In ASP? I don't think so...

What do you mean by HTTP request? View Source on the page? You can't view
ASP code. And SSL would encrypt the packets themselves, if that's what you
mean.

Jef
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top