Secure downloadable PDF files

Discussion in 'ASP .Net Security' started by Alpine7, Mar 24, 2009.

  1. Alpine7

    Alpine7 Guest

    I would like to know the best place to store pdf files for download. I am
    looking for a high level explanation not a detailed how to.

    The files are user specifice information and I know I can create folders on
    my web server and store the files there then secure each folder using the
    web.config file. The app could then loop through the directory based on the
    users login and display the pdf files and if this users ID is granted access
    via the web.config in that folder then he could download the files if I have
    set up the proper application extentions.

    if the web server lives in the perimeter network then storing all the files
    on the server seems somewhat insecure. If I store the path to the files on
    the sql server and keep the files behind the firewall won't i have to punch a
    whole in my firewall so the files can be accessed by the web server and if so
    doesn't this pose a security risk. Can I use ISA to solve this problem and if
    so how.

    Any ideas would be appreciated.
     
    Alpine7, Mar 24, 2009
    #1
    1. Advertisements

  2. if the web server lives in the perimeter network then storing all the
    ....Unless the files are protected in the way that picking them is useless.
    For example, if you encrypt the files with a user password (and don't store
    the password), then this would be quite secure.

    To manage files easier we offer Solid File System (
    http://www.eldos.com/solfs/ ), which is a virtual file system oriented on
    storing documents and document metadata.
     
    Eugene Mayevski, Mar 27, 2009
    #2
    1. Advertisements

  3. Alpine7

    Chakravarthy Guest

    I recommend a restricted folder to contain all the files to download and
    design an interface to have the authentication enforced

    HTH
     
    Chakravarthy, Apr 23, 2009
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.