
security issue about expose file directory

Hi all,

If, in an ASP program, I need to display a PDF file link for users to print
and read, is there any security issue? We are thinking about doing this
because many mail servers block emails with PDF file attachments. We just
want to give users an opportunity to print the document themselves instead of
depending completely on email delivery.

Thank you.
--
Betty
Jan 31 '07
Evertjan,
Thank you so much for your detailed instruction. It's very helpful. I am
wondering why you use "if instr(qstr,"404;http://domain.xyz:80/useoncedir/")>0"
instead of "if instr(qstr,"http://domain.xyz:80/useoncedir/")>0". What is
"404;" here for?
When a page is requested, based on your idea, what I need to do is get the
file name from the query string and check the file name and timestamp in the
database; if the file exists and meets the time requirement, transfer the
file, otherwise display an error page. Thank you.
--
Betty
"Evertjan." wrote:
c676228 wrote on 02 feb 2007 in
microsoft.public.inetserver.asp.general:
Hi Anthony and Evertjan,
Thank you both for the ideas. I did use a GUID to display a unique pdf
to a customer.
In order to hide the real pdf directory, I think I can use Evertjan's
idea here: make that link temporary and remove that pdf after 10-15
min., and thus we can hide the real pdf directory.
Can you tell me what is the best way to
"The whole thing can be made virtual using a custom 404.asp,
catching all requests for:
http://domain.xyz/useoncedir/"

[Please do not toppost on usenet]

In custom 404.asp,
do something like this,
[this actual code not tested debug as required]

<%
qstr = lcase(Request.ServerVariables("QUERY_STRING"))

'' this is my default picture if I have the link wrong:
if right(qstr,4)=".jpg" or right(qstr,4)=".gif" then
    response.redirect "/noPicFound404.gif"
end if

'' IIS hands a custom 404 page "404;<requested URL>" as its query string,
'' so only requests for the virtual /useoncedir/ folder are handled here
if instr(qstr,"404;http://domain.xyz:80/useoncedir/")>0 then
    x = instr(qstr,"/useoncedir/")+len("/useoncedir/")
    once = mid(qstr,x,99)
    '' the real directory never appears in any link
    strFileName = "/secretfile102938/" & once
    strFilePath = server.mappath(strFileName)
    Set objFSO = Server.CreateObject("Scripting.FileSystemObject")

    '' only an exact, listed name is served, and only until its expiry time;
    '' the names are lower case because qstr was lcase()d above and "=" on
    '' strings is case-sensitive in VBScript
    ok = false
    if once = "file123.pdf" and now<#2007/02/02 23:27# then ok=true
    if once = "file456.pdf" and now<#2007/02/03 20:27# then ok=true
    if once = "file78a.pdf" and now<#2007/02/03 05:27# then ok=true
    ''' better use a database but the above is a simple form

    if objFSO.FileExists(strFilePath) AND ok then
        Set objStream = Server.CreateObject("ADODB.Stream")
        objStream.Open
        objStream.Type = 1   '' adTypeBinary
        objStream.LoadFromFile strFilePath
        Response.Buffer = false
        Response.ContentType = "application/pdf"
        Response.AddHeader "Content-Type", "application/pdf"
        Response.AddHeader "Content-Disposition", "inline;filename=" & once
        Response.BinaryWrite objStream.Read
        Response.Flush
        objStream.Close
        Set objStream = Nothing
    else
        response.write "Sorry, nonexisting file"
    end if
    Set objFSO = Nothing
    Response.end
end if
%>
<html>
........
This is the 404 page
........
</html>
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Feb 2 '07 #11
c676228 wrote on 03 feb 2007 in
microsoft.public.inetserver.asp.general:
Evertjan,
Thank you so much for your detailed instruction. It's very helpful. I
am wondering why you use "if instr(qstr,"404;http://domain.xyz:80/useoncedir/")>0"
instead of "if instr(qstr,"http://domain.xyz:80/useoncedir/")>0". What is
"404;" here for?
When a page is requested, based on your idea, what I need to do is get the
file name from the query string and check the file name and timestamp
in the database; if the file exists and meets the time requirement,
transfer the file, otherwise display an error page. Thank you.
--
Betty
>[Please do not toppost on usenet]
Dear Betty,

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet?

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Feb 3 '07 #12

"c676228" <be****@community.nospam> wrote in message
news:54*****************************@microsoft.com...
Evertjan,
Thank you so much for your detailed instruction. It's very helpful. I am
wondering why you use "if instr(qstr,"404;http://domain.xyz:80/useoncedir/")>0"
instead of "if instr(qstr,"http://domain.xyz:80/useoncedir/")>0". What is
"404;" here for?
When a 404 error occurs IIS invokes the page designated to handle 404 errors
for the folder in which it occurred. When this ASP script is executed the
error code generated and the full URL of the requested page are placed in the
query string.

In some cases a developer may wish to have one handler page handle several
different error codes. The developer can use this error code prefix to
determine which error invoked the page.

Feb 3 '07 #13
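As an added example (not code from the thread), here is the check that Evertjan's custom 404.asp performs, together with the "404;<requested URL>" query-string format Anthony describes, modelled in Python so it can be run and tested offline. The host, folder names, file names and expiry times are constructed sample values standing in for the database Betty plans to use.

```python
"""Offline model of the one-time PDF link check done by the custom 404.asp."""
from datetime import datetime
from urllib.parse import urlsplit
import posixpath

EXPECTED_HOST = "domain.xyz:80"       # constructed: host:port the links use
PUBLIC_DIR = "/useoncedir/"           # virtual folder that never exists on disk
SECRET_DIR = "/secretfile102938/"     # real folder, never shown in any link

# Constructed allow-list (stand-in for the database): exact name -> expiry.
ALLOWED = {
    "file123.pdf": datetime(2007, 2, 2, 23, 27),
    "file456.pdf": datetime(2007, 2, 3, 20, 27),
    "file78a.pdf": datetime(2007, 2, 3, 5, 27),
}

# Constructed clock values used by the usage example below.
SAMPLE_NOW = datetime(2007, 2, 2, 12, 0)
SAMPLE_LATER = datetime(2007, 2, 3, 0, 0)


def parse_error_query(qstr):
    """Split the '<status>;<requested url>' query string that IIS passes to
    a custom error page. Returns (status, url) or (None, None)."""
    code, sep, url = qstr.partition(";")
    if not sep or not code.isdigit():
        return None, None
    return int(code), url


def resolve_once(qstr, now):
    """Return the real path to stream, or None to fall through to the
    ordinary 404 page. Mirrors the ASP: lower-case the query string,
    require a 404 for the public folder on the expected host, then an
    exact allow-list hit that has not expired."""
    code, url = parse_error_query(qstr.lower())
    if code != 404:
        return None
    parts = urlsplit(url)
    if parts.netloc != EXPECTED_HOST or not parts.path.startswith(PUBLIC_DIR):
        return None
    once = parts.path[len(PUBLIC_DIR):]
    # Exact-name lookup: "../x", extra path segments or unlisted names never
    # reach the file system, and expired names are refused as well.
    expiry = ALLOWED.get(once)
    if expiry is None or now >= expiry:
        return None
    real = posixpath.normpath(SECRET_DIR + once)
    if not real.startswith(SECRET_DIR):   # defence in depth against traversal
        return None
    return real


if __name__ == "__main__":
    for q in ("404;http://domain.xyz:80/useoncedir/file123.pdf",
              "404;http://domain.xyz:80/useoncedir/../secretfile102938/file123.pdf"):
        print(q, "->", resolve_once(q, SAMPLE_NOW))
```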

"Evertjan." <ex**************@interxnl.net> wrote in message
news:Xn********************@194.109.133.242...
c676228 wrote on 03 feb 2007 in
microsoft.public.inetserver.asp.general:
Evertjan,
Thank you so much for your detailed instruction. It's very helpful. I
am wondering why you use "if instr(qstr,"404;http://domain.xyz:80/useoncedir/")>0"
instead of "if instr(qstr,"http://domain.xyz:80/useoncedir/")>0". What is
"404;" here for?
When a page is requested, based on your idea, what I need to do is get the
file name from the query string and check the file name and timestamp
in the database; if the file exists and meets the time requirement,
transfer the file, otherwise display an error page. Thank you.
--
Betty
[Please do not toppost on usenet]

Dear Betty,

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet?
In your opinion. Evidently there are plenty of others who do not agree with
you.
Feb 3 '07 #14
Anthony Jones wrote on 03 feb 2007 in
microsoft.public.inetserver.asp.general:
"Evertjan." <ex**************@interxnl.net> wrote in message
news:Xn********************@194.109.133.242...
[..]
Betty
>[Please do not toppost on usenet]

Dear Betty,

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet?

In your opinion. Evidently there are plenty of others who do not
agree with you.
No matter Anthony, as you say it is my opinion, and a defendable one.

It seems you have no problem reading the above A-Q sequence, so be it.

Ignoring a polite request is another, if deliberate, which I doubt.
I don't want to conduct a usenet conversation that way.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Feb 3 '07 #15
Anthony,
Thank you so much for the explanation. I got it.
--
Betty
"Anthony Jones" wrote:
"c676228" <be****@community.nospam> wrote in message
news:54*****************************@microsoft.com...
Evertjan,
Thank you so much for your detailed instruction. It's very helpful. I am
wondering why you use "if instr(qstr,"404;http://domain.xyz:80/useoncedir/")>0"
instead of "if instr(qstr,"http://domain.xyz:80/useoncedir/")>0". What is
"404;" here for?

When a 404 error occurs IIS invokes the page designated to handle 404 errors
for the folder in which it occurred. When this ASP script is executed the
error code generated and the full URL of the requested page are placed in the
query string.

In some cases a developer may wish to have one handler page handle several
different error codes. The developer can use this error code prefix to
determine which error invoked the page.

Feb 3 '07 #16
Evertjan,
To tell you the truth, it took me a while to figure out what top-post means.
I saw that in one of your other posts and I searched in the dictionary or
even the web, but I didn't get the information. Now I get what you mean.
Sorry, I didn't mean to do it.
Probably it is my English problem. It is not my regular way to present the
answer first and the question next; I am not even aware I did it and am still
wondering...
--
Betty
"Evertjan." wrote:
Anthony Jones wrote on 03 feb 2007 in
microsoft.public.inetserver.asp.general:

"Evertjan." <ex**************@interxnl.net> wrote in message
news:Xn********************@194.109.133.242...
[..]
Betty

[Please do not toppost on usenet]

Dear Betty,

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet?
In your opinion. Evidently there are plenty of others who do not
agree with you.

No matter Anthony, as you say it is my opinion, and a defendable one.

It seems you have no problem reading the above A-Q sequence, so be it.

Ignoring a polite request is another, if deliberate, which I doubt.
I don't want to conduct a usenet conversation that way.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Feb 3 '07 #17
c676228 wrote:
Evertjan,
To tell you the truth, it took me a while to figure out
what top-post means.
Seriously? Only four of the top five Google search results on [top post]
directly discuss the topic.
--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.
Feb 3 '07 #18
On Sat, 3 Feb 2007 12:30:21 -0000, "Anthony Jones"
<An*@yadayadayada.com> wrote:
in <Oc**************@TK2MSFTNGP05.phx.gbl>
"c676228" <be****@community.nospam> wrote in message
news:54*****************************@microsoft.com...
>Evertjan,
Thank you so much for your detailed instruction. It's very helpful. I am
wondering why you use "if instr(qstr,"404;http://domain.xyz:80/useoncedir/")>0"
instead of "if instr(qstr,"http://domain.xyz:80/useoncedir/")>0". What is
"404;" here for?

When a 404 error occurs IIS invokes the page designated to handle 404 errors
for the folder in which it occurred. When this ASP script is executed the
error code generated and the full URL of the requested page are placed in the
query string.
How or where do you find this folder specificity in W2K Server?

---
Stefan Berglund
Feb 3 '07 #19

"Stefan Berglund" <so**************@for.me> wrote in message
news:q4***************************@4ax.com...
On Sat, 3 Feb 2007 12:30:21 -0000, "Anthony Jones"
<An*@yadayadayada.com> wrote:
in <Oc**************@TK2MSFTNGP05.phx.gbl>

"c676228" <be****@community.nospam> wrote in message
news:54*****************************@microsoft.com...
Evertjan,
Thank you so much for your detailed instruction. It's very helpful. I am
wondering why you use "if instr(qstr,"404;http://domain.xyz:80/useoncedir/")>0"
instead of "if instr(qstr,"http://domain.xyz:80/useoncedir/")>0". What is
"404;" here for?
When a 404 error occurs IIS invokes the page designated to handle 404 errors
for the folder in which it occurred. When this ASP script is executed the
error code generated and the full URL of the requested page are placed in the
query string.

How or where do you find this folder specificity in W2K Server?
Strictly speaking there isn't one. All properties are specific to the path
including the file name. However you have to jump through hoops to create a
404 handler specific to a file that doesn't actually exist, hence the closest
you can get in practical terms is the immediate container of the file.

IIS stores a set of custom error handlers for a path in a metabase
property 'HttpErrors' which is simply a list of error codes and the pages
that handle them.

Initially this property is only actually found in /LM/W3SVC/; all the sites
and folders under the sites inherit this property. Whenever this property
exists in a path down to the file itself the most specific entry is used.

Anthony.
Feb 3 '07 #20

