M
Mark
Hi - I have a document management system in ASP/VBScript, which copies
files to a http://www.[mysite]/files directory. While uploading files
to that directory, it also updates a database with full path
information, and user groups allowed to see the file.
To get access to the file list, a user needs to login - their login is
associated with a group list, which as above, permits them to see a file
list of files with the appropriate group membership.
As the links which is shown on the screen is a direct link to the
document, it would be relatively simple for anyone to see the link, and
access the document(s) without logging into the document management
systemeg: http://www[mysite]/files/contactlist.doc
Is there anyway of securing the absolute path of the document, or of the
files directory, to stop people simply browsing by entering the URL -
where if they tried they would be taken back to the login screen? Or is
the only alternative to store the files in a BLOB field in the database,
and secure them in that way?
Thanks for any tips,
Mark
a client has requested that I make a file management system more secure
files to a http://www.[mysite]/files directory. While uploading files
to that directory, it also updates a database with full path
information, and user groups allowed to see the file.
To get access to the file list, a user needs to login - their login is
associated with a group list, which as above, permits them to see a file
list of files with the appropriate group membership.
As the links which is shown on the screen is a direct link to the
document, it would be relatively simple for anyone to see the link, and
access the document(s) without logging into the document management
systemeg: http://www[mysite]/files/contactlist.doc
Is there anyway of securing the absolute path of the document, or of the
files directory, to stop people simply browsing by entering the URL -
where if they tried they would be taken back to the login screen? Or is
the only alternative to store the files in a BLOB field in the database,
and secure them in that way?
Thanks for any tips,
Mark
a client has requested that I make a file management system more secure