File downloads

Discussion in 'ASP General' started by Pete, Feb 11, 2005.

  1. Pete

    Pete Guest

    I have an Access db with usernames and passwords set up on a web site. Upon
    signing in to a password protected asp page which contains a link to an exe
    file, the user clicks the link and the browser asks to either Open or Save
    the file.

    All this works fine, but if the user simply types the full path to the file
    in the address bar, the browser again asks the user to either Open or Save
    the file - thus bypassing the security.

    Is there a way to prevent this "back door" method of accessing the file or
    would I have to set up an FTP mechanism. If so, How would I go about this?

    Many thanks.
     
    Pete, Feb 11, 2005
    #1

  2. One way would be to use Windows authentication on your site instead of users
    and passwords in a database. This is often not a viable solution. So, the
    more appropriate way would then be to store the .exe file outside of the WWW
    area in the file system on your server, and then stream the file back to the
    authenticated user:

    ASP files: D:\Inetpub\thesite
    Path to the exe file: D:\Files\myfile.exe

    <%
    If Session("loggedin") Then ' or whatever you're using to check for login
        FPath = "D:\Files\myfile.exe"
        Set adoStream = CreateObject("ADODB.Stream")
        adoStream.Open()
        adoStream.Type = 1 ' 1 = adTypeBinary
        adoStream.LoadFromFile(FPath)
        ' Send the file's bytes to the browser from the script itself
        Response.BinaryWrite adoStream.Read()
        adoStream.Close: Set adoStream = Nothing
        Response.End
    Else
        Response.Redirect "/login.asp"
    End If
    %>

    Adapted from http://www.aspfaq.com/show.asp?id=2276

    Ray at work


    "Pete" <> wrote in message
    news:...
    > I have an Access db with usernames and passwords set up on a web site. Upon
    > signing in to a password protected asp page which contains a link to an exe
    > file, the user clicks the link and the browser asks to either Open or Save
    > the file.
    >
    > All this works fine, but if the user simply types the full path to the file
    > in the address bar, the browser again asks the user to either Open or Save
    > the file - thus bypassing the security.
    >
    > Is there a way to prevent this "back door" method of accessing the file or
    > would I have to set up an FTP mechanism. If so, How would I go about this?
    >
    > Many thanks.
     
    Ray Costanzo [MVP], Feb 11, 2005
    #2
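
Extending the approach in the reply above to more than one file, as an added example that is not part of the original thread: the page takes a short id instead of a path, so the client never supplies any part of the file system location. The page name `download.asp`, the `id` parameter, the `catalogue` mapping and the assumption that `login.asp` sets `Session("loggedin") = True` are all hypothetical.

```vbscript
<%@ Language="VBScript" %>
<%
Option Explicit
Response.Buffer = True

Const DOWNLOAD_ROOT = "D:\Files"   ' outside D:\Inetpub\thesite, as in the reply above
Const CHUNK_SIZE = 65536           ' bytes sent per write

' Assumption: login.asp sets Session("loggedin") = True after a successful login.
If Session("loggedin") <> True Then
    Response.Redirect "/login.asp" ' Redirect also ends the script
End If

' Hypothetical catalogue: id sent by the browser -> file name on disk.
Dim catalogue, fileId, fso, fullPath, stream
Set catalogue = Server.CreateObject("Scripting.Dictionary")
catalogue.Add "setup", "myfile.exe"

' Anything that is not a known id is refused, so "..\" sequences or
' absolute paths in the query string never reach the file system.
fileId = LCase(Trim(Request.QueryString("id")))
If Not catalogue.Exists(fileId) Then
    Response.Status = "404 Not Found"
    Response.End
End If

Set fso = Server.CreateObject("Scripting.FileSystemObject")
fullPath = fso.BuildPath(DOWNLOAD_ROOT, catalogue(fileId))
If Not fso.FileExists(fullPath) Then
    Response.Status = "404 Not Found"
    Response.End
End If

Set stream = Server.CreateObject("ADODB.Stream")
stream.Type = 1                    ' 1 = adTypeBinary
stream.Open
stream.LoadFromFile fullPath

Response.Clear
Response.ContentType = "application/octet-stream"
Response.AddHeader "Content-Disposition", _
    "attachment; filename=""" & catalogue(fileId) & """"

' Send in chunks so a large file is not held in the response buffer at once.
Do While Not stream.EOS
    Response.BinaryWrite stream.Read(CHUNK_SIZE)
    Response.Flush
Loop

stream.Close: Set stream = Nothing
Response.End
%>
```

Links on the protected page then point at `download.asp?id=setup`, and a direct request for the file has no URL to hit because `D:\Files` is not mapped into the site.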

  3. Pete

    Mark Schupp Guest

    You can try something like http://www.aspfaq.com/show.asp?id=2276

    --
    --Mark Schupp
    Head of Development
    Integrity eLearning
    www.ielearning.com

    "Pete" <> wrote in message
    news:...
    >I have an Access db with usernames and passwords set up on a web site. Upon
    > signing in to a password protected asp page which contains a link to an
    > exe
    > file, the user clicks the link and the browser asks to either Open or Save
    > the file.
    >
    > All this works fine, but if the user simply types the full path to the
    > file
    > in the address bar, the browser again asks the user to either Open or Save
    > the file - thus bypassing the security.
    >
    > Is there a way to prevent this "back door" method of accessing the file or
    > would I have to set up an FTP mechanism. If so, How would I go about this?
    >
    > Many thanks.
     
    Mark Schupp, Feb 11, 2005
    #3
  4. ...
    1- You can make a field in your Access database of the OLE object type,
    and then insert the files in the database, not in a path or folder.
    Of course, it is not a method with good performance.
    Authentication and authorization will be done from the database.

    2- Make a folder outside wwwroot and rename it to "uploads", then
    copy all secured files into it. Now for addressing, use this code:
    <a href='<%= Server.MapPath("../uploads/yourfile1.zip") %>'>Link</a>
    When the user clicks on the link, they must enter the username and password
    that were made in Windows.
    ...

    "Pete" wrote:

    > I have an Access db with usernames and passwords set up on a web site. Upon
    > signing in to a password protected asp page which contains a link to an exe
    > file, the user clicks the link and the browser asks to either Open or Save
    > the file.
    >
    > All this works fine, but if the user simply types the full path to the file
    > in the address bar, the browser again asks the user to either Open or Save
    > the file - thus bypassing the security.
    >
    > Is there a way to prevent this "back door" method of accessing the file or
    > would I have to set up an FTP mechanism. If so, How would I go about this?
    >
    > Many thanks.
     
    Pedram Rahimi, Feb 13, 2005
    #4