?
Solved

Security file path

Posted on 2008-06-13
5
Medium Priority
?
173 Views
Last Modified: 2010-04-11
I need help experts.
I have created a website that has a function to upload files to the certain path and all the files that are uploading through the site are not secured and anyone, if they just type in the path of the file, can have access to it.  How do I prevent this and add more security to it?
I am using ASP classic and MS SQL server 2003.
Thank you.
0
Comment
Question by:erin027
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 17

Expert Comment

by:CSecurity
ID: 21789824
You need to manage files using ASP, link to your files using ASP. Then put your files in somewhere which is not accessible from outside and using direct HTTP access. Then you can security checks, cookie checks, session checks etc. in ASP to prevent unwanted downloads.
You can do that like this:
Response.ClearHeaders();
Response.ClearContent();

Response.ContentType = "application/anytype"
Response.AddHeader("Content-Disposition", "attachment; filename="YourFileNameHere.extension")

Then with Response.Write write binary output of file you are trying to let user download.
0
 
LVL 17

Expert Comment

by:CSecurity
ID: 21789826
0
 
LVL 17

Accepted Solution

by:
CSecurity earned 2000 total points
ID: 21789832
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question