Let's say I have a folder
members/3/
in this folder are images
I have a login page that connects to a database to retrieve user info.
After login the user is directed to a page that lists the files in the above
directory. Now let's say some other user goes to the directory and types in
members/3/image1.jpg he/she will now see the image. How can I stop this
without using NTFS permissions?
Any ideas?
Ron Gibson
Don't store the image in the www path; store it outside of it and stream it
to the client.
--
Curt Christianson
Owner/Lead Developer, DF-Software
Site: http://www.Darkfalz.com
Blog: http://blog.Darkfalz.com
Keep the images outside of the WWW area and then "stream" the binary data
back when an authenticated user requests an image.
http://www.aspfaq.com/show.asp?id=2276
That sample is for preventing hot-linking, which is different, but the
concept is the same. Instead of building the if/then off validating the
referer, you'd build it off whatever mechanism you're using to determine if
a user is logged in and is authorized to the image. Example:
If Session("LoggedIn") = 1 Then
''code to stream image
Else
Response.Redirect "/login.asp"
End If
Ray at work
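The approach Curt and Ray describe (files kept outside the web root, streamed only after a login and authorization check), as an added example that is not part of the original thread. The handler name, its query parameters, Session("MemberId") and the IMAGE_ROOT path are assumptions; Session("LoggedIn") and /login.asp come from Ray's snippet.

```vbscript
<%@ Language="VBScript" %>
<%
Option Explicit
' Hypothetical handler, requested as /image.asp?member=3&f=image1.jpg
' Assumptions: the login page sets Session("LoggedIn") = 1 and
' Session("MemberId"); IMAGE_ROOT is a folder IIS does not serve.
Const IMAGE_ROOT = "D:\private\members\"
Const adTypeBinary = 1

Function Matches(pattern, value)
    Dim re
    Set re = New RegExp
    re.Pattern = pattern
    re.IgnoreCase = True
    Matches = re.Test(value)
End Function

Sub Deny(status)
    Response.Status = status
    Response.End
End Sub

Dim memberId, fileName, fullPath, fso, stream

' Authentication: Response.Redirect stops the page for anonymous visitors.
If Session("LoggedIn") <> 1 Then Response.Redirect "/login.asp"

memberId = Request.QueryString("member") & ""
fileName = Request.QueryString("f") & ""

' Plain names only: no slashes or "..", so the path cannot leave IMAGE_ROOT.
If Not Matches("^[0-9]+$", memberId) Then Deny "400 Bad Request"
If Not Matches("^[a-z0-9_-]+\.(jpg|jpeg)$", fileName) Then Deny "400 Bad Request"

' Authorization: members may read only their own folder.
If CStr(Session("MemberId")) <> memberId Then Deny "403 Forbidden"

fullPath = IMAGE_ROOT & memberId & "\" & fileName
Set fso = Server.CreateObject("Scripting.FileSystemObject")
If Not fso.FileExists(fullPath) Then Deny "404 Not Found"

Set stream = Server.CreateObject("ADODB.Stream")
stream.Type = adTypeBinary
stream.Open
stream.LoadFromFile fullPath
Response.Expires = 0
Response.ContentType = "image/jpeg"
Response.BinaryWrite stream.Read
stream.Close
%>
```

The page that lists a member's files would then link to this handler instead of to members/3/image1.jpg directly.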
Curt_C [MVP] wrote on 21 dec 2004 in
microsoft.public.inetserver.asp.general:
Don't store the image in the www path; store it outside of it and stream it to the client.
Some dirty programming:
Rename a .jpg to .asp and put some code in front of the jpg code with an
ascii editor, like this:
<% Response.Expires = 0 %>
<% Response.Buffer=True%>
<!--#include virtual ="/testforlogin.asp"-->ÿØÿà....[etc jpg code]
As long as the jpg code has no <% this dirty programming works!
[some have many have not, just try.]
If it has, you will need the streaming solution.
Take care: no space or return after the > in >ÿØÿ
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
I would really move away from such a "dirty" trick !!
Patrice
--
"Evertjan." <ex**************@interxnl.net> wrote in message
news:Xn********************@194.109.133.29...
Curt_C [MVP] wrote on 21 dec 2004 in microsoft.public.inetserver.asp.general:
Don't store the image in the www path; store it outside of it and stream it to the client.
Some dirty programming:
Rename a .jpg to .asp and put some code in front of the jpg code with an ascii editor, like this:
<% Response.Expires = 0 %>
<% Response.Buffer=True%>
<!--#include virtual ="/testforlogin.asp"-->ÿØÿà....[etc jpg code]
As long as the jpg code has no <% this dirty programming works!
[some have many have not, just try.]
If it has, you will need the streaming solution.
Take care: no space or return after the > in >ÿØÿ
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Patrice wrote on 21 dec 2004 in microsoft.public.inetserver.asp.general:
"Evertjan." <ex**************@interxnl.net> wrote in message
Some dirty programming:
Rename a .jpg to .asp and put some code in front of the jpg code ...
I would really move away from such a "dirty" trick !!
I could have felt something for your point of view,
if you hadn't topposted.
As it is, such a dirty trick is a joy forever,
and is easy programming too.
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
On 21 Dec 2004 16:13:14 GMT, "Evertjan."
<ex**************@interxnl.net> wrote:
Curt_C [MVP] wrote on 21 dec 2004 in microsoft.public.inetserver.asp.general:
dont store the image in the www path, store it outside of it and stream it to the client.
Some dirty programming:
Rename a .jpg to .asp and put some code in front of the jpg code with an ascii editor, like this:
<% Response.Expires = 0 %>
<% Response.Buffer=True%>
<!--#include virtual ="/testforlogin.asp"-->ÿØÿà....[etc jpg code]
As long as the jpg code has no <% this dirty programming works!
[some have many have not, just try.]
If it has, you will need the streaming solution.
The problem with this is you've created a non-standard file and can't
guarantee it will always work for users now and in the future.
Streaming is a more appropriate method for scalability and
compatibility.
Jeff
Jeff Cochran wrote on 22 dec 2004 in
microsoft.public.inetserver.asp.general:
<% Response.Expires = 0 %>
<% Response.Buffer=True%>
<!--#include virtual ="/testforlogin.asp"-->ÿØÿà....[etc jpg code]
As long as the jpg code has no <% this dirty programming works!
[some have many have not, just try.]
If it has, you will need the streaming solution.
The problem with this is you've created a non-standard file and can't guarantee it will always work for users now and in the future. Streaming is a more appropriate method for scalability and compatibility.
If you mean "client" by "user" [and not serverside ASP version], you are
incorrect.
The rendered "stream" of the .asp file has the same content as the
streaming version, so for the browser there is no difference.
Possibly new versions of ASP could stir up errors, but so could the
streaming code.
Dirty coding, like the dying of links, has to be monitored, but that is
a webmaster's fact of life anyway.
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)