Solved

Security file path

Posted on 2008-06-13
5
168 Views
Last Modified: 2010-04-11
I need help experts.
I have created a website that has a function to upload files to the certain path and all the files that are uploading through the site are not secured and anyone, if they just type in the path of the file, can have access to it.  How do I prevent this and add more security to it?
I am using ASP classic and MS SQL server 2003.
Thank you.
0
Comment
Question by:erin027
  • 3
5 Comments
 
LVL 17

Expert Comment

by:CSecurity
ID: 21789824
You need to manage files using ASP, link to your files using ASP. Then put your files in somewhere which is not accessible from outside and using direct HTTP access. Then you can security checks, cookie checks, session checks etc. in ASP to prevent unwanted downloads.
You can do that like this:
Response.ClearHeaders();
Response.ClearContent();

Response.ContentType = "application/anytype"
Response.AddHeader("Content-Disposition", "attachment; filename="YourFileNameHere.extension")

Then with Response.Write write binary output of file you are trying to let user download.
0
 
LVL 17

Expert Comment

by:CSecurity
ID: 21789826
0
 
LVL 17

Accepted Solution

by:
CSecurity earned 500 total points
ID: 21789832
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Website and email setup 4 58
Windows Security Pop-Up 7 65
security group 2 19
Password recovery or reset Windows 10 home Premium 8 47
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question