Secure downloadable PDF files

Discussion in 'ASP .Net Security' started by Alpine7, Mar 24, 2009.

  1. Alpine7

    Alpine7 Guest

    I would like to know the best place to store pdf files for download. I am
    looking for a high level explanation not a detailed how to.

    The files are user specifice information and I know I can create folders on
    my web server and store the files there then secure each folder using the
    web.config file. The app could then loop through the directory based on the
    users login and display the pdf files and if this users ID is granted access
    via the web.config in that folder then he could download the files if I have
    set up the proper application extentions.

    if the web server lives in the perimeter network then storing all the files
    on the server seems somewhat insecure. If I store the path to the files on
    the sql server and keep the files behind the firewall won't i have to punch a
    whole in my firewall so the files can be accessed by the web server and if so
    doesn't this pose a security risk. Can I use ISA to solve this problem and if
    so how.

    Any ideas would be appreciated.
    Alpine7, Mar 24, 2009
    #1
    1. Advertising

  2. > if the web server lives in the perimeter network then storing all the
    > files
    > on the server seems somewhat insecure.


    ....Unless the files are protected in the way that picking them is useless.
    For example, if you encrypt the files with a user password (and don't store
    the password), then this would be quite secure.

    To manage files easier we offer Solid File System (
    http://www.eldos.com/solfs/ ), which is a virtual file system oriented on
    storing documents and document metadata.

    --
    With best regards,
    Eugene Mayevski
    http://www.eldos.com/ - security and virtual storage components
    Eugene Mayevski, Mar 27, 2009
    #2
    1. Advertising

  3. Alpine7

    Chakravarthy Guest

    I recommend a restricted folder to contain all the files to download and
    design an interface to have the authentication enforced

    HTH

    "Alpine7" <> wrote in message
    news:...
    > I would like to know the best place to store pdf files for download. I am
    > looking for a high level explanation not a detailed how to.
    >
    > The files are user specifice information and I know I can create folders
    > on
    > my web server and store the files there then secure each folder using the
    > web.config file. The app could then loop through the directory based on
    > the
    > users login and display the pdf files and if this users ID is granted
    > access
    > via the web.config in that folder then he could download the files if I
    > have
    > set up the proper application extentions.
    >
    > if the web server lives in the perimeter network then storing all the
    > files
    > on the server seems somewhat insecure. If I store the path to the files on
    > the sql server and keep the files behind the firewall won't i have to
    > punch a
    > whole in my firewall so the files can be accessed by the web server and if
    > so
    > doesn't this pose a security risk. Can I use ISA to solve this problem and
    > if
    > so how.
    >
    > Any ideas would be appreciated.
    Chakravarthy, Apr 23, 2009
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Hongbo

    How to protect downloadable files?

    Hongbo, Feb 21, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    427
    Hans Kesting
    Feb 21, 2006
  2. Hongbo

    How to protect downloadable files?

    Hongbo, Feb 24, 2006, in forum: ASP .Net
    Replies:
    3
    Views:
    1,051
    Hongbo
    Feb 24, 2006
  3. lalit
    Replies:
    14
    Views:
    1,181
    lalit
    Jun 14, 2007
  4. Alan Silver

    How to protect downloadable files

    Alan Silver, Jan 7, 2008, in forum: ASP .Net
    Replies:
    4
    Views:
    361
    Alan Silver
    Jan 9, 2008
  5. rodrigo
    Replies:
    0
    Views:
    336
    rodrigo
    Jul 9, 2003
Loading...

Share This Page