Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Upload image in non web accessible folder

Posted on 2004-03-30
9
Medium Priority
?
327 Views
Last Modified: 2008-02-01
Hi experts,

We are developing a website where we enable users to upload images on our server. Right now I am storing the image in our database, without having an actual copy of it on our server. However, for creating the proofs, the customer needs the actual jpg/gif files.

The web hosting company only has ASP SimpleUpload installed, and they don't allow anonymous uploads to the server. They did mention that we could use a non web accessible folder, upload our images there, and later on move that image to the desired folder.

I just wanted to know a little more about what non web accessible folders are, how they provide the security over other folders, and how I can use them in my situation.

Would this code work to upload the file to the folder?
Dim File
  For Each File In MyUploader.Files.Items
    File.SaveToDisk Server.Mappath("../uploadimage") 'to store image in uploadimage folder
  Next

And then to move the file, I could use
<%
Dim fso

set fso = Server.CreateObject("Scripting.FileSystemObject")
fso.MoveFile "C:\source.txt", "C:\anotherfolder\source.txt"

Set fso = Nothing
%>

Do I really need to use ASP Simple Upload, aor do I need to ask for other components?

Thanks in advance

0
Comment
Question by:poshlivin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
9 Comments
 
LVL 28

Assisted Solution

by:sybe
sybe earned 200 total points
ID: 10714284
Dim File

For Each File In MyUploader.Files.Items
    File.SaveToDisk "C:\temp"  
Next
0
 
LVL 11

Accepted Solution

by:
mouatts earned 1000 total points
ID: 10715100
A non web accessible fold is more secure than a web accessible one because it is out side of the root/home directory of the web server and therefore it is impossible for someone to type a URL in to a browser ro get to the directory even with ../ etc in it. For this same reason commands such as server.mappath will never work with it (the use in your example is fine).

For example if the server root is set to d:\websites\www then d:\websites\data is inaccessible (you can't use ../data in a URL because so far as the server is concerned there is no where to go above www.

The gist of your code (or Sybes) should be fine but I question slightly what your host is saying about not allowing anonymous uploads. I guess they could be saying that none of the directories within you site will have write access from the webserver. In which case Sybes code would work but yours wouldn't. I am assuming this as opposed to something more sophisicated like restricting access to the component its self to a non anonymous account (I can't quite get my head around that but I suspect that it can be done).

If I am correct in this assumption then any upload component or the ADO Stream method of uploading (and these are you onbly choices) is going to be similarly restricted.

If you've got a working component then you may as well use it.

HTH
Steve


0
 

Author Comment

by:poshlivin
ID: 10715360
Thanks for the info. There is a little more i want to clarify - would my ASP pages be able to upload into the non web accessible folder?

If so, I guess Sybe's code would work right? And I should also be able to move from that folder onto my website folder, right?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 11

Expert Comment

by:mouatts
ID: 10715474
If your hosts are simply not allowing any of your web accessible folders to have write access then yes you should be able to upload into the non accessible ones in the way sybes has suggested. But you will not be able to copy from there to your accessible ones with ASP because the server doesn't have write access!

You could still get to them and even display the images using the ADO Stream method I mentioned earlier to output them but it doesn't seem like a very suitable approach to be honest.

I'd suggest that you give it a test your self with the host just to check that the comment about non-accessible folders is indeed correct.

Steve
0
 

Author Comment

by:poshlivin
ID: 10716991
The web admin said he has restricted browser access to the folder UploadedFile, but only given write and execute permissions to it.

Would that be good enough to allow uploads?
0
 
LVL 11

Expert Comment

by:mouatts
ID: 10718129
Yes that should be ok although its a bit dodgy allowing write and execute permissions but thats his problem.

Steve
0
 

Author Comment

by:poshlivin
ID: 10718178
So now I used the code

 For Each File In MyUploader.Files.Items
    File.SaveToDisk ("UploadedFile") 'to store image in uploadimage folder
  Next

I have set a prompt to list all the file names and sizes uploaded.
Although I see those prompts, the file never gets writtten :(
0
 

Author Comment

by:poshlivin
ID: 10718617
My Mistake....
I used Server.MapPath instead of just the fiel name, and it's uploading the file alright!

Just one more question (and i am raising points on this)

How do I dynamically create a folder through ASP on my server?
Say user1 uploads an image - then I have to create a folder in his name and then move the files from the non web accessible folder to his folder. Is it possible?

Thanks
0
 
LVL 11

Expert Comment

by:mouatts
ID: 10719289
use the filesystemobject method of createfolder eg
fso.createfolder(foldername)

this will generate an error if the folder already exists so you need to check for its existence first with fso.folderexists(foldername)

HTH
Steve
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question