hannsmedia asked:

Creating a file Manager

I'm creating a file manager for a client with Classic ASP. All files in the folder should only be accessible upon login. Each user has their own unique login ID. It worked fine until one day someone found a file through a Google search and managed to open it directly from the Google link. Is there any way for me to prevent anyone who has the exact URL from downloading the file?
Lee W, MVP

Just a thought... use a session variable to note that a login has been successful.  Then on every page (perhaps with an include) verify that session variable is set appropriately - if not, redirect to a login page.
I think the problem is even if you password protect your page, the actual file can be surfed to.  So one option is to update your robots.txt.  But that does not mean another bot will respect it.  A 2nd option will be to simply lock down the folder and give everybody the same password.  But that is not always easy to manage.  Check out AspUpload http://www.aspupload.com.   There is also a download feature  http://www.aspupload.com/manual_misc.html#9_2 where you can place your files in a locked down folder and the com object can access the locked down folder as a user.  http://www.aspupload.com/manual_security.html  

It's not free, but for $200 it is cheaper than trying to recreate it on your own time.  If you are hosted on a shared service, check with your host, many hosts will already have this installed and ready to go.
ASKER CERTIFIED SOLUTION
sybe

This solution is only available to members.
sybe, I tried your code with the following:
<%
WriteFileToBrowser "D:\inetpub\wwwroot\hidden\myimage.jpg", "image/jpg","renameimage.jpg"
%>
Works great.  I like the ability to change the image name too.   However, if the site is on a shared server, it is possible that you do not have access to a folder outside of the www directory.  If that is the case, it is still possible that the "hidden" directory can be cached by a search engine.  So if there is a way to add to your code a way to impersonate permissions from something other than "everyone" and remove read permissions from "everyone", that would make your solution work for those types of shared servers that can't access outside the www folder.
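
One way to implement the approach discussed in this thread (check the login session, then stream the file from a folder the web server does not serve directly), as an added example that is neither sybe's members-only code nor AspUpload's API. The session key `LoggedIn`, the folder `D:\protected_files\`, the `f` query parameter and `login.asp` are assumptions.

```asp
<%
Option Explicit
' Added example: download.asp?f=report.pdf
' Assumptions: the login page sets Session("LoggedIn") = True, and files live
' in PROTECTED_DIR, a folder that IIS does not serve directly.
Const PROTECTED_DIR = "D:\protected_files\"
Const adTypeBinary = 1
Const CHUNK_SIZE = 65536

Sub Fail(status)
    Response.Status = status
    Response.End
End Sub

' 1. Gate on the session flag before touching the file system.
If Session("LoggedIn") <> True Then Response.Redirect "login.asp"

' 2. Accept a bare file name only: no slashes, "..", drive letters or ":".
Dim name, re
name = Request.QueryString("f") & ""
Set re = New RegExp
re.Pattern = "^[A-Za-z0-9_-]+(\.[A-Za-z0-9]+)?$"
If Not re.Test(name) Then Fail "400 Bad Request"

' 3. Resolve inside the protected folder and confirm the file exists.
Dim fso, path
Set fso = Server.CreateObject("Scripting.FileSystemObject")
path = PROTECTED_DIR & name
If Not fso.FileExists(path) Then Fail "404 Not Found"

' 4. Stream the bytes in chunks so large files do not hit the buffer limit.
Dim stream
Set stream = Server.CreateObject("ADODB.Stream")
stream.Type = adTypeBinary
stream.Open
stream.LoadFromFile path

Response.Buffer = False
Response.ContentType = "application/octet-stream"
Response.CacheControl = "no-cache"
Response.AddHeader "Content-Disposition", "attachment; filename=""" & name & """"
Response.AddHeader "Content-Length", CStr(stream.Size)
Do While Not stream.EOS
    Response.BinaryWrite stream.Read(CHUNK_SIZE)
Loop
stream.Close
%>
```

With the files stored this way there is no direct URL for a search engine to index; every download passes through the session check and the file-name whitelist.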