Greg wrote on 18 apr 2006 in microsoft.public.inetserver.asp.general:
I need to be able to secure files on my web server. I am using asp to
secure access to links and pages, for example:
<%If Session("manager")=FALSE Then%>
You are not authorized to view this page
<%Else%>
<<<Page Code>>>
<%End If%>
The place I'm running into problems is with files. I have a lot of
charts and such in PDF version. I kind of doubt there is a way to
secure these files with asp, but I thought it would be worth a try. My
biggest issue is that PDFs are stored in the browser's history, so once
the page has been accessed, anyone using the browser can get to that
unsecured PDF. As a brute force fix, is there some way to simply erase
the site from the browser history? If not, is there a way to secure
the PDF, or does someone know of a better group to post on? Thanks!

You can try to start a .pdf or .jpg with:
<%If NOT Session("manager")="ok" Then server.transfer "/404.asp"%>
No Newline after the %> !!!
If the bitstream of the file contains no <% then this usually works
=================
Second option:
Put the .pdf or whatever in a directory outside the root,
or at least in a directory with a secret name.
Then send the file with:
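<% ' myPdf.asp
' Send the PDF only when the session is marked as manager.
If Session("manager")="ok" Then
  pdf "/secretdirectoryQWERTYUIOP/myPdf.pdf"
End If

' Everyone else falls through to the 404 page below.
Response.Status = "404 Not Found" ' so searchbots will go away

' Declared at script level rather than inside the If block.
Function pdf(strFileName)
  Dim strFilePath, objStream
  Response.Clear
  strFilePath = Server.MapPath(strFileName)
  Set objStream = Server.CreateObject("ADODB.Stream")
  objStream.Open
  objStream.Type = 1 ' 1 = binary
  objStream.LoadFromFile strFilePath
  Response.ContentType = "application/pdf"
  Response.BinaryWrite objStream.Read
  objStream.Close
  Set objStream = Nothing
  Response.End ' stop here so the HTML below is not appended to the PDF
End Function
%>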
<html>
<body style='font-size:30pt;'>
No admittance! ;-(
</body>
</html>
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my email address)
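
Added example, not part of the original posts: one download script that serves several PDFs from a folder outside the web root behind the same session check, and marks the response as not storable, which is the browser-history concern raised in the question. The file name getchart.asp, the STORE_DIR path and the file ids are assumptions made for illustration.

```vbscript
<%@ Language="VBScript" %>
<%
Option Explicit
' getchart.asp?id=sales-q1 (added example; STORE_DIR and the ids are assumptions)
Const STORE_DIR = "D:\protected-pdfs\"   ' hypothetical folder outside the web root

Dim allowed, id
Set allowed = Server.CreateObject("Scripting.Dictionary")
allowed.Add "sales-q1", "sales-q1.pdf"    ' constructed sample entries
allowed.Add "headcount", "headcount.pdf"

' Same session check as in the reply above.
If Session("manager") <> "ok" Then Deny

' Only ids present in the allowlist map to a file, so the query string
' never becomes part of a filesystem path.
id = LCase(Trim(Request.QueryString("id")))
If Not allowed.Exists(id) Then Deny

SendPdf STORE_DIR & allowed(id), allowed(id)

Sub Deny()
    Response.Status = "404 Not Found"
    Response.Write "No admittance!"
    Response.End
End Sub

Sub SendPdf(strFilePath, strDownloadName)
    Dim objStream
    Set objStream = Server.CreateObject("ADODB.Stream")
    objStream.Open
    objStream.Type = 1                     ' 1 = binary
    objStream.LoadFromFile strFilePath
    Response.Clear
    Response.ContentType = "application/pdf"
    ' Ask the browser and any proxy not to keep a copy of the PDF.
    Response.AddHeader "Cache-Control", "no-store, private"
    Response.AddHeader "Pragma", "no-cache"
    Response.Expires = -1
    Response.AddHeader "Content-Disposition", _
        "inline; filename=""" & strDownloadName & """"
    Response.BinaryWrite objStream.Read
    objStream.Close
    Set objStream = Nothing
    Response.End
End Sub
%>
```

The URL left in the browser history is the script's own, so reopening it runs the session check again; the cache headers ask the browser not to keep the PDF bytes themselves.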