Solved

Upload image in non web accessible folder

Posted on 2004-03-30
9
322 Views
Last Modified: 2008-02-01
Hi experts,

We are developing a website where we enable users to upload images on our server. Right now I am storing the image in our database, without having an actual copy of it on our server. However, for creating the proofs, the customer needs the actual jpg/gif files.

The web hosting company only has ASP SimpleUpload installed, and they don't allow anonymous uploads to the server. They did mention that we could use a non web accessible folder, upload our images there, and later on move that image to the desired folder.

I just wanted to know a little more about what non web accessible folders are, how they provide the security over other folders, and how I can use them in my situation.

Would this code work to upload the file to the folder?
Dim File
  For Each File In MyUploader.Files.Items
    File.SaveToDisk Server.Mappath("../uploadimage") 'to store image in uploadimage folder
  Next

And then to move the file, I could use
<%
Dim fso

set fso = Server.CreateObject("Scripting.FileSystemObject")
fso.MoveFile "C:\source.txt", "C:\anotherfolder\source.txt"

Set fso = Nothing
%>

Do I really need to use ASP Simple Upload, aor do I need to ask for other components?

Thanks in advance

0
Comment
Question by:poshlivin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
9 Comments
 
LVL 28

Assisted Solution

by:sybe
sybe earned 50 total points
ID: 10714284
Dim File

For Each File In MyUploader.Files.Items
    File.SaveToDisk "C:\temp"  
Next
0
 
LVL 11

Accepted Solution

by:
mouatts earned 250 total points
ID: 10715100
A non web accessible fold is more secure than a web accessible one because it is out side of the root/home directory of the web server and therefore it is impossible for someone to type a URL in to a browser ro get to the directory even with ../ etc in it. For this same reason commands such as server.mappath will never work with it (the use in your example is fine).

For example if the server root is set to d:\websites\www then d:\websites\data is inaccessible (you can't use ../data in a URL because so far as the server is concerned there is no where to go above www.

The gist of your code (or Sybes) should be fine but I question slightly what your host is saying about not allowing anonymous uploads. I guess they could be saying that none of the directories within you site will have write access from the webserver. In which case Sybes code would work but yours wouldn't. I am assuming this as opposed to something more sophisicated like restricting access to the component its self to a non anonymous account (I can't quite get my head around that but I suspect that it can be done).

If I am correct in this assumption then any upload component or the ADO Stream method of uploading (and these are you onbly choices) is going to be similarly restricted.

If you've got a working component then you may as well use it.

HTH
Steve


0
 

Author Comment

by:poshlivin
ID: 10715360
Thanks for the info. There is a little more i want to clarify - would my ASP pages be able to upload into the non web accessible folder?

If so, I guess Sybe's code would work right? And I should also be able to move from that folder onto my website folder, right?
0
Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

 
LVL 11

Expert Comment

by:mouatts
ID: 10715474
If your hosts are simply not allowing any of your web accessible folders to have write access then yes you should be able to upload into the non accessible ones in the way sybes has suggested. But you will not be able to copy from there to your accessible ones with ASP because the server doesn't have write access!

You could still get to them and even display the images using the ADO Stream method I mentioned earlier to output them but it doesn't seem like a very suitable approach to be honest.

I'd suggest that you give it a test your self with the host just to check that the comment about non-accessible folders is indeed correct.

Steve
0
 

Author Comment

by:poshlivin
ID: 10716991
The web admin said he has restricted browser access to the folder UploadedFile, but only given write and execute permissions to it.

Would that be good enough to allow uploads?
0
 
LVL 11

Expert Comment

by:mouatts
ID: 10718129
Yes that should be ok although its a bit dodgy allowing write and execute permissions but thats his problem.

Steve
0
 

Author Comment

by:poshlivin
ID: 10718178
So now I used the code

 For Each File In MyUploader.Files.Items
    File.SaveToDisk ("UploadedFile") 'to store image in uploadimage folder
  Next

I have set a prompt to list all the file names and sizes uploaded.
Although I see those prompts, the file never gets writtten :(
0
 

Author Comment

by:poshlivin
ID: 10718617
My Mistake....
I used Server.MapPath instead of just the fiel name, and it's uploading the file alright!

Just one more question (and i am raising points on this)

How do I dynamically create a folder through ASP on my server?
Say user1 uploads an image - then I have to create a folder in his name and then move the files from the non web accessible folder to his folder. Is it possible?

Thanks
0
 
LVL 11

Expert Comment

by:mouatts
ID: 10719289
use the filesystemobject method of createfolder eg
fso.createfolder(foldername)

this will generate an error if the folder already exists so you need to check for its existence first with fso.folderexists(foldername)

HTH
Steve
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently decide that I needed a way to make my pages scream on the net.   While searching around how I can accomplish this I stumbled across a great article that stated "minimize the server requests." I got to thinking, hey, I use more than one…
Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

689 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question