afridays
asked on
ASP +Load Image File in SQL Server Database
I am trying to develop an app where we sell information that can be downloaded over the web, so it has to be secure but it also has to allow for disconnects. i was thinking of loading the files into an image field in sql
server but i'm not sure how to tie it all together. is it possible to download an image file say from an asp page that hits the sqlserver database? would you first have to write this file from the database to the
hard disk and then start the download? For instance if i had a compressed (winzip) file stored in an image field in sql could i access it with an asp page and have it downloaded directly to the user. So if the web user points his browser to the asp page he should then be promted to save the file. any help(especially sample code) would be much appreciated.
thanks
server but i'm not sure how to tie it all together. is it possible to download an image file say from an asp page that hits the sqlserver database? would you first have to write this file from the database to the
hard disk and then start the download? For instance if i had a compressed (winzip) file stored in an image field in sql could i access it with an asp page and have it downloaded directly to the user. So if the web user points his browser to the asp page he should then be promted to save the file. any help(especially sample code) would be much appreciated.
thanks
Instead of storring the file itself in SQL server. Store the location of the file in SQL server.
raizon's suggestion is good, but i think u'll need to go one step further, my friend.
it sounds like u want to make it so that people can grab the image, either by downloading OR showing the image in an HTML page (then they right click => save pciture as)
either way, if i know the original location of the pic, then i can tell anyone else to grab that pic.
U might want to grab the pic location from the database and then copy that pic to a temp location, renaming it something weird (like picname & Now() & ".gif" or something..) and clearing that folder every week / month. That way, no one knows the original location of the pics, nor the original pics names.
if the downloaded information is text, then the same theory can be applied. of course, u don't really need a temp page .. the content is dynamic so if anyone tries to connect to the page, there will be no content (the content is dynamic remember .. dependant upon an input parameter).
anyways, this is getting long.
good luck
-PK-
it sounds like u want to make it so that people can grab the image, either by downloading OR showing the image in an HTML page (then they right click => save pciture as)
either way, if i know the original location of the pic, then i can tell anyone else to grab that pic.
U might want to grab the pic location from the database and then copy that pic to a temp location, renaming it something weird (like picname & Now() & ".gif" or something..) and clearing that folder every week / month. That way, no one knows the original location of the pics, nor the original pics names.
if the downloaded information is text, then the same theory can be applied. of course, u don't really need a temp page .. the content is dynamic so if anyone tries to connect to the page, there will be no content (the content is dynamic remember .. dependant upon an input parameter).
anyways, this is getting long.
good luck
-PK-
>>if i know the original location of the pic, then i can tell anyone else to grab that pic.
simpilest way of preventing that is to apply security to the directory that the images are kept in. In your IIS (if thats what you are running) Turn off allow anonymous authentication and turn on Basic authentication. Set a specific user for that directory. Then even if someone else gets the location of the pic they would have to have the username ans password as well.
Keep in mind that this is trusting those who have the username and password not to give it out.
If you don't want to provide that sort of trust then PK's suggestion is the way to go.
simpilest way of preventing that is to apply security to the directory that the images are kept in. In your IIS (if thats what you are running) Turn off allow anonymous authentication and turn on Basic authentication. Set a specific user for that directory. Then even if someone else gets the location of the pic they would have to have the username ans password as well.
Keep in mind that this is trusting those who have the username and password not to give it out.
If you don't want to provide that sort of trust then PK's suggestion is the way to go.
You can have the data in the database. All you need is an asp page that gets it from the database, if the correct requirements are met (e.g. user is logged in).
The asp page only has to read the data from the database and response.write it. This way you don't have to store it in a file somewhere, and you have no problems with file permission.
You may also want to change the content type and/or the filename. Something like:
Response.ContentType = "application/msword"
Response.AddHeader "content-disposition","att achment; filename=myinfo.doc"
The asp page only has to read the data from the database and response.write it. This way you don't have to store it in a file somewhere, and you have no problems with file permission.
You may also want to change the content type and/or the filename. Something like:
Response.ContentType = "application/msword"
Response.AddHeader "content-disposition","att
ASKER
reply to RAIZON
say you had 10,000 people register on your site, and i don't want any registered user to view the files of other members so would i have to create individual folders for each member, with autentication that is specific to
them? I guess if that is the solution it would be possible to dynamically set up a folder when they set up a user account. it seems like a lot of folders to manage. After they successfully downloaded the files i would
then want to programatically delete them.
this seems like a lot of overhead. basically we create a folder, populate the folder with data that is stored in sql,delete the data after a specific
time period.
would it be better to store the files in one non-browsing directory perhaps
with a guid for a file name and then email the user the link to download?
thanks for any input
say you had 10,000 people register on your site, and i don't want any registered user to view the files of other members so would i have to create individual folders for each member, with autentication that is specific to
them? I guess if that is the solution it would be possible to dynamically set up a folder when they set up a user account. it seems like a lot of folders to manage. After they successfully downloaded the files i would
then want to programatically delete them.
this seems like a lot of overhead. basically we create a folder, populate the folder with data that is stored in sql,delete the data after a specific
time period.
would it be better to store the files in one non-browsing directory perhaps
with a guid for a file name and then email the user the link to download?
thanks for any input
With your needs being specific users and specific files for that user then my previous suggestion would not be the way to go.
>>would it be better to store the files in one non-browsing directory perhaps
with a guid for a file name and then email the user the link to download?
This would be a good route to go but then you have the same issue where if the user gives someone else the path to the image they could still view it.
You could dynamically build the page with the link to the image and have the users ID in that page. Create a function that when the onUnload event is called in posts the users ID to another page that will then perform all your clean ups needed.
Just a thought.
Raizon
>>would it be better to store the files in one non-browsing directory perhaps
with a guid for a file name and then email the user the link to download?
This would be a good route to go but then you have the same issue where if the user gives someone else the path to the image they could still view it.
You could dynamically build the page with the link to the image and have the users ID in that page. Create a function that when the onUnload event is called in posts the users ID to another page that will then perform all your clean ups needed.
Just a thought.
Raizon
ASKER
Raizon:
i'm not quite sure how to implement your response. probably beyond the scope of this question. i think in reality if the end user wants to share
the file he is downloading there isn't much i can do. Our product is environmental maps and data in pdf format.
have you seen any sample code with your suggested implemntation?
thanks
i'm not quite sure how to implement your response. probably beyond the scope of this question. i think in reality if the end user wants to share
the file he is downloading there isn't much i can do. Our product is environmental maps and data in pdf format.
have you seen any sample code with your suggested implemntation?
thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
then in your delete.asp perform any cleanups necessary.
>>i think in reality if the end user wants to share the file he is downloading there isn't much i can do.
absolutly true.
>>i think in reality if the end user wants to share the file he is downloading there isn't much i can do.
absolutly true.
Why not drop the form? ;)
<%
'get the users ID first.
'get the image and display the image
%>
<body onUnload="JavaScript: window.open('delete.asp?<% =userID%>' ,'myWindow ', 'height=200,
width=200, toolbars=0, scrollbar=0');>
<%
'get the users ID first.
'get the image and display the image
%>
<body onUnload="JavaScript: window.open('delete.asp?<%
width=200, toolbars=0, scrollbar=0');>
ASKER
TO: Raizon, GreenGhost and Pure
Thanks for all the help. I got a little busy and won't be able to get to it (implementing the code) until this weekend. I'll let you know how it goes.
Thanks,
Thanks for all the help. I got a little busy and won't be able to get to it (implementing the code) until this weekend. I'll let you know how it goes.
Thanks,