473,560 Members | 2,953 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

File downloads

I have an Access db with usernames and passwords set up on a web site. Upon
signing in to a password protected asp page which contains a link to an exe
file, the user clicks the link and the browser asks to either Open or Save
the file.

All this works fine, but if the user simply types the full path to the file
in the address bar, the browser again asks the user to either Open or Save
the file - thus bypassing the security.

Is there a way to prevent this "back door" method of accessing the file or
would I have to set up an FTP mechanism. If so, How would I go about this?

Many thanks.
Jul 22 '05 #1
3 1242
One way would be to use Windows authentication on your site instead of users
and passwords in a database. This is often not a viable solution. So, the
more appropriate way would then be to store the .exe file outside of the WWW
area in the file system on your server, and then stream the file back to the
authenticated user:

ASP files: D:\Inetpub\thes ite
Path to the exe file: D:\Files\myfile .exe

<%
If Session("logged in") Then ''or whatever you're using to check for
login
FPath = "D:\Files\myfil e.exe"
Set adoStream = CreateObject("A DODB.Stream")
adoStream.Open( )
adoStream.Type = 1
adoStream.LoadF romFile(FPath)
Response.Binary Write adoStream.Read( )
adoStream.Close : Set adoStream = Nothing
Response.End
Else
Response.Redire ct "/login.asp"
End If
%>

Adapted from http://www.aspfaq.com/show.asp?id=2276

Ray at work
"Pete" <Pe**@discussio ns.microsoft.co m> wrote in message
news:A6******** *************** ***********@mic rosoft.com...
I have an Access db with usernames and passwords set up on a web site. Upon signing in to a password protected asp page which contains a link to an exe file, the user clicks the link and the browser asks to either Open or Save
the file.

All this works fine, but if the user simply types the full path to the file in the address bar, the browser again asks the user to either Open or Save
the file - thus bypassing the security.

Is there a way to prevent this "back door" method of accessing the file or
would I have to set up an FTP mechanism. If so, How would I go about this?

Many thanks.

Jul 22 '05 #2
You can try something like http://www.aspfaq.com/show.asp?id=2276

--
--Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com

"Pete" <Pe**@discussio ns.microsoft.co m> wrote in message
news:A6******** *************** ***********@mic rosoft.com...
I have an Access db with usernames and passwords set up on a web site. Upon
signing in to a password protected asp page which contains a link to an
exe
file, the user clicks the link and the browser asks to either Open or Save
the file.

All this works fine, but if the user simply types the full path to the
file
in the address bar, the browser again asks the user to either Open or Save
the file - thus bypassing the security.

Is there a way to prevent this "back door" method of accessing the file or
would I have to set up an FTP mechanism. If so, How would I go about this?

Many thanks.

Jul 22 '05 #3
...
1- You can make a Field in your Access Database in OLE object type .
And then insert files in database not in a path or folder .
of course it is not a method with good performance .
Authentication and Authorization will do from database .

2- Make a folder outside wwwroot and rename it to "uploads" then
copy all secured files in it . Now for addressing use this code
<a href='<% Server.MapPath( "../uploads/yourfile1.zip") %>'>Link</a>
When user click on link must enter Username and Password that
made in Windows .
...

"Pete" wrote:
I have an Access db with usernames and passwords set up on a web site. Upon
signing in to a password protected asp page which contains a link to an exe
file, the user clicks the link and the browser asks to either Open or Save
the file.

All this works fine, but if the user simply types the full path to the file
in the address bar, the browser again asks the user to either Open or Save
the file - thus bypassing the security.

Is there a way to prevent this "back door" method of accessing the file or
would I have to set up an FTP mechanism. If so, How would I go about this?

Many thanks.

Jul 22 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
6098
by: Brandon Walters | last post by:
I wrote a file download module for my website. The reason for the file download module is that my website downloads work on a credit based system. So I need to keep track of and limit daily downloads. It uses fpassthru() and some headers() to send a file to the requesting user. The get.php file that I wrote (the file download module if you...
10
4740
by: StevePBurgess | last post by:
I would like to make my downloads section unbrowsable (to users) but accessible to scripts. Can I deliver a file to a browser without linking to it's URL so that I can deliver files programmatically but prevent users from browsing or linking to them? I am using PHP on an apache server. Ta
1
1837
by: Jeff Cooper | last post by:
Hey there folks, I have a link on a page which I would like to point to string that's downloaded as a file -- a *.tab file to be exact. The link points to a file (download.aspx) which contains no html but uses response.write to send the data to the client who then downloads it. Problem is, unless I get the target attribute of the link to...
7
3376
by: Mustafa Rabie | last post by:
Hi All, I want to add autodownload like all the one in Downloads.com. When u click download now link it redirects you to a page that the file downloads the application after the page is loaded. how can i do that? thanks mustafa
10
2709
by: Atley | last post by:
I am trying to make sure that an MDB is not in use and then delete it. If it is in use, I want to automatically disconnect all the users and then delete the file. Any suggestions are welcome.
16
3228
by: matt | last post by:
I have used some free code for listing files for download, but I want to send an email to the administrator when the file has been downloaded. I have got some code in here that does it, but it will not print in the username or email amddress of the person doing the download - which I am collecting from a form on the previous page. I can get...
1
1596
by: CodeMonkey | last post by:
Hi all, I have an ASP .NET 2.0 project with the following path on my dev machine: D:\Profiles\MyUsername\My Documents\Visual Studio 2005\Projects \abcWebSite2007\abcWebSite2007\Somefile.aspx I have a Downloads foler in the above parent folder like this: D:\Profiles\MyUsername\My Documents\Visual Studio 2005\Projects
21
2444
nathj
by: nathj | last post by:
Hi, I am currently working on a new site that offers various files for download. The file information is stored in a MySQL database and the page is produced in PHP depending on how the user got to the page: <?php session_start(); $_SESSION = $_SESSION; // set to whatever is, as you can only access this page from within a top level...
7
2809
by: =?Utf-8?B?QU9UWCBTYW4gQW50b25pbw==?= | last post by:
Hi, I have been using the code (some of it has been removed for simplicity) below to allow authenticated (using ASP.NET membership database) users to get a file from their archive area. It seems to work fine, however I noticed that no web log entry is added when a successful download occurs (normally a 200 HTTP status code, however, if...
1
47384
KevinADC
by: KevinADC | last post by:
Note: You may skip to the end of the article if all you want is the perl code. Introduction Many websites have a form or a link you can use to download a file. You click a form button or click on a link and after a moment or two a file download dialog box pops-up in your web browser and prompts you for some instructions, such as “open” or...
0
7841
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
1
7596
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
0
7920
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
1
5458
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes...
0
5175
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
0
3605
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
0
3585
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
1169
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
0
877
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.