Solved

How do I use a MS ACCESS db of reg users for a secured subweb ?

Posted on 2004-03-26
9
176 Views
Last Modified: 2013-12-24
I want to restrict access to a folder in my frontpage website that contains files for customers to download eg. http://www.mydomain.com/download/ebook01.zip 
I have a registration module where buyers have to signup and indicate their preferred Username and Password and the system will email them an acknowledgement which they have to Activate before they can actually login to the 'Registered Customers Page'. This is all working fine. However, on this Registered Customers Page, there are 3 links for them to click to download the files they have paid for. The problem I have is how to prevent the URL of those links from being passed around to non-paying customers. So I figured I needed to secure the folder where the files are. I know how to secure the folder by changing it to a subweb etc. I used a MS ACCESS db to store the registered customers that can login. So, my question is, instead of manually ADDING new users to the frontpgae subweb, is there a way to check against the database that holds the registered customers to grant them access to download the files from the subweb ?

Thanks in advance for any help..:) sorry it is a bit long winded.
0
Comment
Question by:DrBix
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
9 Comments
 
LVL 29

Expert Comment

by:coreybryant
ID: 10687480
0
 

Author Comment

by:DrBix
ID: 10693506
I am aware of the Spooky Login. I do not have a problem with securing my web pages. It is the links within those secured pages that I want to protect and from what I have read in the forum, the Spooky Login only protects the pages - which means if I have a link on the secured page with this URL for example:  http://www.mydomain.com/download/ebook.zip  - any user who has logged in can still see the full download path of the file and if that is passed around, anyone can just bypass the login and directly download the file. To solve this problem, it would be great if there is a way to secure the download folder ( which can be done by turning that into a subweb with required permissions ) and only allow those registered customers with login/pw to be able to download the file. If someone knows the path of the download folder etc, at least they now have to have a login/pw - they won't be able to bypass.

I have at the moment managed to hide the actual download path but I want to actually fully secure the folder i.e. so that even if they know the full path, they would not be able to download the file if they have bypassed the login.

 I hope I am expressing the problem clearly.


Many thanks for feedback.
0
 
LVL 29

Expert Comment

by:coreybryant
ID: 10694375
Right-click the folder and choose "convert  to web". This makes the folder a sub-web of the main website. Once you publish the web to your network you have to open each of the pages in each folder. Go to tools on the menu bar, choose security. Select "this web has unique permissions", then click apply. Then choose Add Users, and create a username and password for each page.

-Corey
0
Will your db performance match your db growth?

In Percona’s white paper “Performance at Scale: Keeping Your Database on Its Toes,” we take a high-level approach to what you need to think about when planning for database scalability.

 

Author Comment

by:DrBix
ID: 10694515
Sorry, perhaps I was not clear about what I need, but you are on the right track. I know how to do the subweb thing. What I do NOT want to do is to manually ADD USERS. What I want is to allow those registered users, whose details are stored in an MS ACCCESS db, to access this secured subweb AUTOMATICALLY without needing my intervention. They have gone through a registration process and are my customers - I just want them to be automatically given access rights without me having to manually add them. Is there any function or any way that can link the ADD USERS to reference an existing db where you can specify the login/pw fields to check if a user is an authorised registered user ? This would solve the problem..:)
0
 
LVL 29

Expert Comment

by:coreybryant
ID: 10694640
Well it is not a FP issue - more geared towards programming.  We actually did something a few days ago for programming something like you are speaking about.  He wanted PDFs to be secured.  I was told they would have to be in a folder that is not accessible via the internet.  And then use something like ASPUploadComponent to access the files.   This will allow the registered members to communicate with the server & files that are not necessarily accessible via the internet (HTTP).  

-Corey
0
 

Author Comment

by:DrBix
ID: 10694680
All my files are on the server that has to be accessible via the Internet so that the whole things can just run on it's own without any manual intervention. So is it the conclusion that the solution I am looking for is not something that can be done easily or without any programming ?  
0
 
LVL 29

Accepted Solution

by:
coreybryant earned 30 total points
ID: 10694695
Correct.  You are wanting to secure non-HTML / non-ASP files.  You need to enter user names manually.  FP will not communicate with an MS Access DB the way that you desire.  You might be looking at about 25 hours of programming.  

-Corey
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Now that Expression Web 4.0 (http://www.microsoft.com/expression/products/Upgrade.aspx) is free if you buy or have the full version of Expression Web 3.0, now is the best time to  migrate from FrontPage to Expression Web (http://www.frontpage-to-exp…
Turn A Profile Picture Into A Cartoon Using Photoshop And Illustrator This tutorial will teach you how to make a cartoon style image out of a regular picture. I have tried to keep the tutorial as simple as possible. I used Adobe CS4 for this tuto…
The purpose of this video is to demonstrate how to reset a WordPress password if you are locked out and cannot reset the password. A typical use would be if you cannot access the email to which WordPress would send the password recovery email to…
The purpose of this video is to demonstrate how to prevent comment spam on a WordPress Website. This will be demonstrated using a Windows 8 PC. Plugin Akismet will be used. Go to your WordPress login page. This will look like the following: myw…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question