473,737 Members | 7,907 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

File downloads

I have an Access db with usernames and passwords set up on a web site. Upon
signing in to a password protected asp page which contains a link to an exe
file, the user clicks the link and the browser asks to either Open or Save
the file.

All this works fine, but if the user simply types the full path to the file
in the address bar, the browser again asks the user to either Open or Save
the file - thus bypassing the security.

Is there a way to prevent this "back door" method of accessing the file or
would I have to set up an FTP mechanism. If so, How would I go about this?

Many thanks.
Jul 22 '05 #1
3 1254
One way would be to use Windows authentication on your site instead of users
and passwords in a database. This is often not a viable solution. So, the
more appropriate way would then be to store the .exe file outside of the WWW
area in the file system on your server, and then stream the file back to the
authenticated user:

ASP files: D:\Inetpub\thes ite
Path to the exe file: D:\Files\myfile .exe

<%
If Session("logged in") Then ''or whatever you're using to check for
login
FPath = "D:\Files\myfil e.exe"
Set adoStream = CreateObject("A DODB.Stream")
adoStream.Open( )
adoStream.Type = 1
adoStream.LoadF romFile(FPath)
Response.Binary Write adoStream.Read( )
adoStream.Close : Set adoStream = Nothing
Response.End
Else
Response.Redire ct "/login.asp"
End If
%>

Adapted from http://www.aspfaq.com/show.asp?id=2276

Ray at work
"Pete" <Pe**@discussio ns.microsoft.co m> wrote in message
news:A6******** *************** ***********@mic rosoft.com...
I have an Access db with usernames and passwords set up on a web site. Upon signing in to a password protected asp page which contains a link to an exe file, the user clicks the link and the browser asks to either Open or Save
the file.

All this works fine, but if the user simply types the full path to the file in the address bar, the browser again asks the user to either Open or Save
the file - thus bypassing the security.

Is there a way to prevent this "back door" method of accessing the file or
would I have to set up an FTP mechanism. If so, How would I go about this?

Many thanks.

Jul 22 '05 #2
You can try something like http://www.aspfaq.com/show.asp?id=2276

--
--Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com

"Pete" <Pe**@discussio ns.microsoft.co m> wrote in message
news:A6******** *************** ***********@mic rosoft.com...
I have an Access db with usernames and passwords set up on a web site. Upon
signing in to a password protected asp page which contains a link to an
exe
file, the user clicks the link and the browser asks to either Open or Save
the file.

All this works fine, but if the user simply types the full path to the
file
in the address bar, the browser again asks the user to either Open or Save
the file - thus bypassing the security.

Is there a way to prevent this "back door" method of accessing the file or
would I have to set up an FTP mechanism. If so, How would I go about this?

Many thanks.

Jul 22 '05 #3
...
1- You can make a Field in your Access Database in OLE object type .
And then insert files in database not in a path or folder .
of course it is not a method with good performance .
Authentication and Authorization will do from database .

2- Make a folder outside wwwroot and rename it to "uploads" then
copy all secured files in it . Now for addressing use this code
<a href='<% Server.MapPath( "../uploads/yourfile1.zip") %>'>Link</a>
When user click on link must enter Username and Password that
made in Windows .
...

"Pete" wrote:
I have an Access db with usernames and passwords set up on a web site. Upon
signing in to a password protected asp page which contains a link to an exe
file, the user clicks the link and the browser asks to either Open or Save
the file.

All this works fine, but if the user simply types the full path to the file
in the address bar, the browser again asks the user to either Open or Save
the file - thus bypassing the security.

Is there a way to prevent this "back door" method of accessing the file or
would I have to set up an FTP mechanism. If so, How would I go about this?

Many thanks.

Jul 22 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
6128
by: Brandon Walters | last post by:
I wrote a file download module for my website. The reason for the file download module is that my website downloads work on a credit based system. So I need to keep track of and limit daily downloads. It uses fpassthru() and some headers() to send a file to the requesting user. The get.php file that I wrote (the file download module if you will) works like a charm for .ZIP files and .TXT files. However, when .EXE files are downloaded...
10
4755
by: StevePBurgess | last post by:
I would like to make my downloads section unbrowsable (to users) but accessible to scripts. Can I deliver a file to a browser without linking to it's URL so that I can deliver files programmatically but prevent users from browsing or linking to them? I am using PHP on an apache server. Ta
1
1847
by: Jeff Cooper | last post by:
Hey there folks, I have a link on a page which I would like to point to string that's downloaded as a file -- a *.tab file to be exact. The link points to a file (download.aspx) which contains no html but uses response.write to send the data to the client who then downloads it. Problem is, unless I get the target attribute of the link to _blank, then any javascript I have sitting on the page gives me an "access is denied" error, but...
7
3387
by: Mustafa Rabie | last post by:
Hi All, I want to add autodownload like all the one in Downloads.com. When u click download now link it redirects you to a page that the file downloads the application after the page is loaded. how can i do that? thanks mustafa
10
2721
by: Atley | last post by:
I am trying to make sure that an MDB is not in use and then delete it. If it is in use, I want to automatically disconnect all the users and then delete the file. Any suggestions are welcome.
16
3255
by: matt | last post by:
I have used some free code for listing files for download, but I want to send an email to the administrator when the file has been downloaded. I have got some code in here that does it, but it will not print in the username or email amddress of the person doing the download - which I am collecting from a form on the previous page. I can get the name and email address to print out normally, just not into the email sending body. I have...
1
1606
by: CodeMonkey | last post by:
Hi all, I have an ASP .NET 2.0 project with the following path on my dev machine: D:\Profiles\MyUsername\My Documents\Visual Studio 2005\Projects \abcWebSite2007\abcWebSite2007\Somefile.aspx I have a Downloads foler in the above parent folder like this: D:\Profiles\MyUsername\My Documents\Visual Studio 2005\Projects
21
2472
nathj
by: nathj | last post by:
Hi, I am currently working on a new site that offers various files for download. The file information is stored in a MySQL database and the page is produced in PHP depending on how the user got to the page: <?php session_start(); $_SESSION = $_SESSION; // set to whatever is, as you can only access this page from within a top level section ?> <!--
7
2831
by: =?Utf-8?B?QU9UWCBTYW4gQW50b25pbw==?= | last post by:
Hi, I have been using the code (some of it has been removed for simplicity) below to allow authenticated (using ASP.NET membership database) users to get a file from their archive area. It seems to work fine, however I noticed that no web log entry is added when a successful download occurs (normally a 200 HTTP status code, however, if there is an authorization failure, it gets logged). I have a logging routine that logs a successful...
1
47476
KevinADC
by: KevinADC | last post by:
Note: You may skip to the end of the article if all you want is the perl code. Introduction Many websites have a form or a link you can use to download a file. You click a form button or click on a link and after a moment or two a file download dialog box pops-up in your web browser and prompts you for some instructions, such as “open” or “save“. I’m going to show you how to do that using a perl script. What You Need Any recent...
0
8968
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
9473
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
9334
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
0
9208
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
8208
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
0
6053
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4824
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
2
2744
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
2193
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.