How do I use a MS ACCESS db of reg users for a secured subweb ?

I want to restrict access to a folder in my frontpage website that contains files for customers to download eg. http://www.mydomain.com/download/ebook01.zip 
I have a registration module where buyers have to signup and indicate their preferred Username and Password and the system will email them an acknowledgement which they have to Activate before they can actually login to the 'Registered Customers Page'. This is all working fine. However, on this Registered Customers Page, there are 3 links for them to click to download the files they have paid for. The problem I have is how to prevent the URL of those links from being passed around to non-paying customers. So I figured I needed to secure the folder where the files are. I know how to secure the folder by changing it to a subweb etc. I used a MS ACCESS db to store the registered customers that can login. So, my question is, instead of manually ADDING new users to the frontpgae subweb, is there a way to check against the database that holds the registered customers to grant them access to download the files from the subweb ?

Thanks in advance for any help..:) sorry it is a bit long winded.
DrBixAsked:
Who is Participating?
 
coreybryantConnect With a Mentor Commented:
Correct.  You are wanting to secure non-HTML / non-ASP files.  You need to enter user names manually.  FP will not communicate with an MS Access DB the way that you desire.  You might be looking at about 25 hours of programming.  

-Corey
0
 
coreybryantCommented:
0
 
DrBixAuthor Commented:
I am aware of the Spooky Login. I do not have a problem with securing my web pages. It is the links within those secured pages that I want to protect and from what I have read in the forum, the Spooky Login only protects the pages - which means if I have a link on the secured page with this URL for example:  http://www.mydomain.com/download/ebook.zip  - any user who has logged in can still see the full download path of the file and if that is passed around, anyone can just bypass the login and directly download the file. To solve this problem, it would be great if there is a way to secure the download folder ( which can be done by turning that into a subweb with required permissions ) and only allow those registered customers with login/pw to be able to download the file. If someone knows the path of the download folder etc, at least they now have to have a login/pw - they won't be able to bypass.

I have at the moment managed to hide the actual download path but I want to actually fully secure the folder i.e. so that even if they know the full path, they would not be able to download the file if they have bypassed the login.

 I hope I am expressing the problem clearly.


Many thanks for feedback.
0
Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

 
coreybryantCommented:
Right-click the folder and choose "convert  to web". This makes the folder a sub-web of the main website. Once you publish the web to your network you have to open each of the pages in each folder. Go to tools on the menu bar, choose security. Select "this web has unique permissions", then click apply. Then choose Add Users, and create a username and password for each page.

-Corey
0
 
DrBixAuthor Commented:
Sorry, perhaps I was not clear about what I need, but you are on the right track. I know how to do the subweb thing. What I do NOT want to do is to manually ADD USERS. What I want is to allow those registered users, whose details are stored in an MS ACCCESS db, to access this secured subweb AUTOMATICALLY without needing my intervention. They have gone through a registration process and are my customers - I just want them to be automatically given access rights without me having to manually add them. Is there any function or any way that can link the ADD USERS to reference an existing db where you can specify the login/pw fields to check if a user is an authorised registered user ? This would solve the problem..:)
0
 
coreybryantCommented:
Well it is not a FP issue - more geared towards programming.  We actually did something a few days ago for programming something like you are speaking about.  He wanted PDFs to be secured.  I was told they would have to be in a folder that is not accessible via the internet.  And then use something like ASPUploadComponent to access the files.   This will allow the registered members to communicate with the server & files that are not necessarily accessible via the internet (HTTP).  

-Corey
0
 
DrBixAuthor Commented:
All my files are on the server that has to be accessible via the Internet so that the whole things can just run on it's own without any manual intervention. So is it the conclusion that the solution I am looking for is not something that can be done easily or without any programming ?  
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.