Prevent users from accessing files

[JP SIngh]

Hi All

We have an ASP application which links to various word and excel documents
stored in a folder called attachments.

The documents are extermely confidential in nature and we would like
restrict the access to them through the application only.

How can we prevent users from guessing the name of the document and reach it
by tying http://myserver/attachments/thisdocument.doc

Thanks in advance for your help.

 

[Steven Burn]

Stick them outside of the web root or password protect the folder......(the former is the best choice IMHO)

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

 

[JP SIngh]

But I still need to display the hyperlinks to the files when displaying
relevant records.

Essentially I only want them to me able to view the hyperlink from the page
but not outside it.


Stick them outside of the web root or password protect the folder......(the
former is the best choice IMHO)

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

 

[Mark Schupp]

http://www.aspfaq.com/show.asp?id=2276. this is for images but the same
approach should work for any file.

 

[Kyle Peterson]

you use ADO to stream the files once a user is logged in.. that way the real
location is unkown to the users

search www.aspin.com for more info on streaming files

applications like www.ASPProtect.com can also do it for you