Solved

Upload image in non web accessible folder

Posted on 2004-03-30
9
317 Views
Last Modified: 2008-02-01
Hi experts,

We are developing a website where we enable users to upload images on our server. Right now I am storing the image in our database, without having an actual copy of it on our server. However, for creating the proofs, the customer needs the actual jpg/gif files.

The web hosting company only has ASP SimpleUpload installed, and they don't allow anonymous uploads to the server. They did mention that we could use a non web accessible folder, upload our images there, and later on move that image to the desired folder.

I just wanted to know a little more about what non web accessible folders are, how they provide the security over other folders, and how I can use them in my situation.

Would this code work to upload the file to the folder?
Dim File
  For Each File In MyUploader.Files.Items
    File.SaveToDisk Server.Mappath("../uploadimage") 'to store image in uploadimage folder
  Next

And then to move the file, I could use
<%
Dim fso

set fso = Server.CreateObject("Scripting.FileSystemObject")
fso.MoveFile "C:\source.txt", "C:\anotherfolder\source.txt"

Set fso = Nothing
%>

Do I really need to use ASP Simple Upload, aor do I need to ask for other components?

Thanks in advance

0
Comment
Question by:poshlivin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
9 Comments
 
LVL 28

Assisted Solution

by:sybe
sybe earned 50 total points
ID: 10714284
Dim File

For Each File In MyUploader.Files.Items
    File.SaveToDisk "C:\temp"  
Next
0
 
LVL 11

Accepted Solution

by:
mouatts earned 250 total points
ID: 10715100
A non web accessible fold is more secure than a web accessible one because it is out side of the root/home directory of the web server and therefore it is impossible for someone to type a URL in to a browser ro get to the directory even with ../ etc in it. For this same reason commands such as server.mappath will never work with it (the use in your example is fine).

For example if the server root is set to d:\websites\www then d:\websites\data is inaccessible (you can't use ../data in a URL because so far as the server is concerned there is no where to go above www.

The gist of your code (or Sybes) should be fine but I question slightly what your host is saying about not allowing anonymous uploads. I guess they could be saying that none of the directories within you site will have write access from the webserver. In which case Sybes code would work but yours wouldn't. I am assuming this as opposed to something more sophisicated like restricting access to the component its self to a non anonymous account (I can't quite get my head around that but I suspect that it can be done).

If I am correct in this assumption then any upload component or the ADO Stream method of uploading (and these are you onbly choices) is going to be similarly restricted.

If you've got a working component then you may as well use it.

HTH
Steve


0
 

Author Comment

by:poshlivin
ID: 10715360
Thanks for the info. There is a little more i want to clarify - would my ASP pages be able to upload into the non web accessible folder?

If so, I guess Sybe's code would work right? And I should also be able to move from that folder onto my website folder, right?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 11

Expert Comment

by:mouatts
ID: 10715474
If your hosts are simply not allowing any of your web accessible folders to have write access then yes you should be able to upload into the non accessible ones in the way sybes has suggested. But you will not be able to copy from there to your accessible ones with ASP because the server doesn't have write access!

You could still get to them and even display the images using the ADO Stream method I mentioned earlier to output them but it doesn't seem like a very suitable approach to be honest.

I'd suggest that you give it a test your self with the host just to check that the comment about non-accessible folders is indeed correct.

Steve
0
 

Author Comment

by:poshlivin
ID: 10716991
The web admin said he has restricted browser access to the folder UploadedFile, but only given write and execute permissions to it.

Would that be good enough to allow uploads?
0
 
LVL 11

Expert Comment

by:mouatts
ID: 10718129
Yes that should be ok although its a bit dodgy allowing write and execute permissions but thats his problem.

Steve
0
 

Author Comment

by:poshlivin
ID: 10718178
So now I used the code

 For Each File In MyUploader.Files.Items
    File.SaveToDisk ("UploadedFile") 'to store image in uploadimage folder
  Next

I have set a prompt to list all the file names and sizes uploaded.
Although I see those prompts, the file never gets writtten :(
0
 

Author Comment

by:poshlivin
ID: 10718617
My Mistake....
I used Server.MapPath instead of just the fiel name, and it's uploading the file alright!

Just one more question (and i am raising points on this)

How do I dynamically create a folder through ASP on my server?
Say user1 uploads an image - then I have to create a folder in his name and then move the files from the non web accessible folder to his folder. Is it possible?

Thanks
0
 
LVL 11

Expert Comment

by:mouatts
ID: 10719289
use the filesystemobject method of createfolder eg
fso.createfolder(foldername)

this will generate an error if the folder already exists so you need to check for its existence first with fso.folderexists(foldername)

HTH
Steve
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I have helped a lot of people on EE with their coding sources and have enjoyed near about every minute of it. Sometimes it can get a little tedious but it is always a challenge and the one thing that I always say is:   The Exchange of informatio…
I would like to start this tip/trick by saying Thank You, to all who said that this could not be done, as it forced me to make sure that it could be accomplished. :) To start, I want to make sure everyone understands the importance of utilizing p…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question