?
Solved

How to prevent downloading....

Posted on 1999-12-16
14
Medium Priority
?
233 Views
Last Modified: 2010-04-09
Hi,
how can I prevent someone from downloading a file from my server.
For ex. my server is www.adil.com and on the root dir. I've a file mydoc.doc. Now any body can download this file by giving the url www.adil.com/mydoc.doc
Is there any way so that only authorised users can download this file.
There is a site www.i-drive.com They are doing the same thing. They use SessionID to allow user to download a file. Without the sessionID, you can't download file.
How can be this implemented?
0
Comment
Question by:m_adil
  • 6
  • 3
  • 3
  • +1
14 Comments
 

Expert Comment

by:mkdebont
ID: 2286072
It can't. Each file you are viewing online is saved in the cache.

Each webpage, pictures, sounds are saved in the temporary directory.

People (who knows!!) search in there temporary dir and have to document also.


There is no way to prevent downloading.
0
 
LVL 1

Author Comment

by:m_adil
ID: 2286128
>> Each webpage, pictures, sounds are saved in temporary directory.

it saved in temporary directory after you've visited that page. but what if you havent visited that page?

What happening in i-drive.com is that after login, you've given a unique SessionID. Now you can visit that page (mydoc.doc) only when you include that sessionID with the url. For ex.
after login I've given a sessionID say a222bcff445t8. Now I know the url of my file. its https://www.idrive.com/adil/Dropbox/b2.htm?id=2305843012434919436&JServSessionId=QV0wiFXjO.z.mQaFrV.JS12
Now if I enter just https://www.idrive.com/adil/Dropbox/b2.htm, the file will not come. To visit the file i've to give the complete url.

So how they are doing this?

To try it out, you can go to www.i-drive.com Register ur self. (its free). Upload some files and then try downloading them with out SessionID
0
 
LVL 1

Author Comment

by:m_adil
ID: 2286154
oops. did some typing mistakes.

in simple words, if i know the url of my file, then i should be able to view the file by entering its url i.e. www.idrive.com/adil/Dropbox/b2.htm
but in this case, i can not view the file until unless i include the sessionID in the url. i.e.
www.idrive.com/adil/Dropbox/b2.htm?id=2305843012434919436&JServSessionId=QV0wiFXjO.z.mQaFrV.JS12
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 

Expert Comment

by:mkdebont
ID: 2286163
I did goto the first link and he asked immediatly if I want to download the file. (0 bytes)

And if I tried the second file then I did get nothing.

So that is good...


To do that also ASP is required!!

With ASP you can get the sessionid and more variables.

If the sessionid is filled then you can write the page (file) otherwise you put nothing into the content of the file and the can download anything.

It isn't that hard but you must know it how to do it!!

Martijn
http://www.thekitchen.nl

In this site is also ASP used and variables!! (The hotspot)
0
 
LVL 1

Author Comment

by:m_adil
ID: 2286226
but how an asp will interact without any refference. the url i've given  
www.idrive.com/adil/Dropbox/b2.htm?id=2305843012434919436&JServSessionId=QV0wiFXjO.z.mQaFrV.JS12
is a refference to b2.htm, not any asp. and by entering this url, the browser should open b2.htm

I cant understand this thing yet.
0
 
LVL 9

Expert Comment

by:TTom
ID: 2288445
Other than entering the entire URL as you have listed, how do you access the file.  Is this a site where you are a registered user?  Do you have to log in when you access the site?  Does the site store a cookie on your machine?

This has to do with authentication on the web server.  The URL you are putting in most likely is sent to a script which processes it to see if you are a valid user, and returns the page if you are.

Tom
0
 
LVL 1

Author Comment

by:m_adil
ID: 2289006
1. Is this a site where you are a registered user?  
yes, I'm a registered user there.

2. Do you have to log in when you access the site?  
Yes i've to

3. Does the site store a cookie on your machine?
No.

4. Other than entering the entire URL as you have listed, how do you access the file.
right, but upon entering the entire URL, why can't I access the file?

This is what happening there.
If there is a file(say abc.zip) on the net, and I know its URL. say it is www.somesite.com/files/abc.zip Now I should be able to download this file upon entering this URL, but in this case, I can not download the file until I include SessionID with the URL. And this sessionID is generated by the server after login.
Is the web server playing this game?
Is it possible that each request made by the client is first process by the script at the server and the script checks for the user validity, and in case of valid user, it is directed to the requested page?
0
 
LVL 2

Accepted Solution

by:
djsansui earned 120 total points
ID: 2289008
I think that you guys are headed in the wrong direction here.  All M_adil needs to do is put it in a protected directory.

Upload the file to a subdirectory of the main folder.  Then you must create 2 files, an .htaccess and an .htpasswd

first, create the .htaccess file in that new directory. it should then contain the following lines:

AuthUserFile /yourpath/.htpasswd
AuthGroupFile /yourpath/.htpassgp
AuthName "Secure Directory"
AuthType Basic

<Limit GET>
require valid-user
</Limit>

Now you need to change /yourpath/ to the full path of the directory that appears in telnet when you log in to that directory.

Next create the .htpasswd file.  It is very simple, all it needs to contain are lines like this:

user:password

the password must be encrypted with a utility like the one at http://campuscgi.princeton.edu/~willman/encrypt.  to make multiple users, just have each user on a new line in the file.
0
 
LVL 9

Expert Comment

by:TTom
ID: 2289813
m_adil:

"Is the web server playing this game?
Is it possible that each request made by the client is first process by the script at the server and the script checks for the user validity, and in case of valid user, it is directed to the requested page?"

I think your previous comment covers it.  The web server is checking to see if you are a valid user before delivering the file.

It comes down to how your server is configured for authentication.

djsansui has given details for one type of server, but you will need to check with your host about their specific capabilities for protecting pages/areas of your site.

Tom

0
 
LVL 1

Author Comment

by:m_adil
ID: 2290552
then i think I and djsansui should divide the points :-)
0
 
LVL 9

Expert Comment

by:TTom
ID: 2290567
Sounds good to me. (:-}

Tom
0
 
LVL 2

Expert Comment

by:djsansui
ID: 2292208
I'll agree to that :-)

BTW: anyone notice EE finally made the tables strech to screen width?
0
 
LVL 1

Author Comment

by:m_adil
ID: 2292285
yup and this is good.
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to write a Context Sensitive Help (an online help that is obtained from a specific point in state of software to provide help with that state) ,  first we need to make the file that contains all topics, which are given exclusive IDs. …
Find out what you should include to make the best professional email signature for your organization.
In this Micro Tutorial viewers will learn how to create navigation buttons that change on rollover, using CSS (Continuation of the CSS Image Sprite tutorial) Create a parent ID for all the list items       - Specify position: absolute and display: block…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

588 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question