Solved

Security file path

Posted on 2008-06-13
5
166 Views
Last Modified: 2010-04-11
I need help experts.
I have created a website that has a function to upload files to the certain path and all the files that are uploading through the site are not secured and anyone, if they just type in the path of the file, can have access to it.  How do I prevent this and add more security to it?
I am using ASP classic and MS SQL server 2003.
Thank you.
0
Comment
Question by:erin027
  • 3
5 Comments
 
LVL 17

Expert Comment

by:CSecurity
ID: 21789824
You need to manage files using ASP, link to your files using ASP. Then put your files in somewhere which is not accessible from outside and using direct HTTP access. Then you can security checks, cookie checks, session checks etc. in ASP to prevent unwanted downloads.
You can do that like this:
Response.ClearHeaders();
Response.ClearContent();

Response.ContentType = "application/anytype"
Response.AddHeader("Content-Disposition", "attachment; filename="YourFileNameHere.extension")

Then with Response.Write write binary output of file you are trying to let user download.
0
 
LVL 17

Expert Comment

by:CSecurity
ID: 21789826
0
 
LVL 17

Accepted Solution

by:
CSecurity earned 500 total points
ID: 21789832
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SharePoint Online Security 5 66
How to keep XP in VM over Ubuntu from being Virus'd 22 92
PCI Compliance - mixing SAQs 6 31
ASP server side get value 15 24
Enterprise Password Manager Suites as well as Local Password managers are covered in this article.
With healthcare moving into the digital age with things like Healthcare.gov, the digitization of patient records and video conferencing with patients, data has a much greater chance of being exposed than ever before.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question