File downloads

P

Pete

I have an Access db with usernames and passwords set up on a web site. Upon
signing in to a password protected asp page which contains a link to an exe
file, the user clicks the link and the browser asks to either Open or Save
the file.

All this works fine, but if the user simply types the full path to the file
in the address bar, the browser again asks the user to either Open or Save
the file - thus bypassing the security.

Is there a way to prevent this "back door" method of accessing the file or
would I have to set up an FTP mechanism. If so, How would I go about this?

Many thanks.
 
R

Ray Costanzo [MVP]

One way would be to use Windows authentication on your site instead of users
and passwords in a database. This is often not a viable solution. So, the
more appropriate way would then be to store the .exe file outside of the WWW
area in the file system on your server, and then stream the file back to the
authenticated user:

ASP files: D:\Inetpub\thesite
Path to the exe file: D:\Files\myfile.exe

<%
If Session("loggedin") Then ''or whatever you're using to check for
login
FPath = "D:\Files\myfile.exe"
Set adoStream = CreateObject("ADODB.Stream")
adoStream.Open()
adoStream.Type = 1
adoStream.LoadFromFile(FPath)
Response.BinaryWrite adoStream.Read()
adoStream.Close: Set adoStream = Nothing
Response.End
Else
Response.Redirect "/login.asp"
End If
%>

Adapted from http://www.aspfaq.com/show.asp?id=2276

Ray at work
 
P

Pedram Rahimi

...
1- You can make a Field in your Access Database in OLE object type .
And then insert files in database not in a path or folder .
of course it is not a method with good performance .
Authentication and Authorization will do from database .

2- Make a folder outside wwwroot and rename it to "uploads" then
copy all secured files in it . Now for addressing use this code
<a href='<% Server.MapPath("../uploads/yourfile1.zip") %>'>Link</a>
When user click on link must enter Username and Password that
made in Windows .
...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Expert Guide to Convert MBOX to PST File Manually in 2025 3
PDF file won't open 1
PHP failed to create file 13
Mocking file downloads 1
How to View an OST file without Microsoft Outlook? 1
Downloads 5
How to move Thunderbird data to EMLX file format? 2
Using a DTSX file with GoDaddy 0

Members online

No members online now.
Total: 346 (members: 2, guests: 344)
Robots: 154

Forum statistics

Threads
474,262
Messages
2,571,059
Members
48,769
Latest member
Clifft

Latest Threads

Top