Solved

Security file path

Posted on 2008-06-13
5
167 Views
Last Modified: 2010-04-11
I need help experts.
I have created a website that has a function to upload files to the certain path and all the files that are uploading through the site are not secured and anyone, if they just type in the path of the file, can have access to it.  How do I prevent this and add more security to it?
I am using ASP classic and MS SQL server 2003.
Thank you.
0
Comment
Question by:erin027
  • 3
5 Comments
 
LVL 17

Expert Comment

by:CSecurity
ID: 21789824
You need to manage files using ASP, link to your files using ASP. Then put your files in somewhere which is not accessible from outside and using direct HTTP access. Then you can security checks, cookie checks, session checks etc. in ASP to prevent unwanted downloads.
You can do that like this:
Response.ClearHeaders();
Response.ClearContent();

Response.ContentType = "application/anytype"
Response.AddHeader("Content-Disposition", "attachment; filename="YourFileNameHere.extension")

Then with Response.Write write binary output of file you are trying to let user download.
0
 
LVL 17

Expert Comment

by:CSecurity
ID: 21789826
0
 
LVL 17

Accepted Solution

by:
CSecurity earned 500 total points
ID: 21789832
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Data breaches are on the rise, and companies are preparing by boosting their cybersecurity budgets. According to the Cybersecurity Market Report (http://www.cybersecurityventures.com/cybersecurity-market-report), worldwide spending on cybersecurity …
It’s the first day of March, the weather is starting to warm up and the excitement of the upcoming St. Patrick’s Day holiday can be felt throughout the world.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question