469,286 Members | 2,442 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,286 developers. It's quick & easy.

File protection

I need to be able to secure files on my web server. I am using asp to
secure access to links and pages, for example:

<%If Session("manager")=FALSE Then%>
You are not authorized to view this page
<%Else%>
<<<Page Code>>>
<%End If%>

The place I'm running into problems is with files. I have a lot of
charts and such in PDF version. I kind of doubt there is a way to
secure these files with asp, but I thought it would be worth a try. My
biggest issue is that PDFs are stored in the browser's history, so once
the page has been accessed, anyone using the browser can get to that
unsecured PDF. As a brute force fix, is there some way to simply erase
the site from the browser history? If not, is there a way to secure
the PDF, or does someone know of a better group to post on? Thanks!

Apr 18 '06 #1
2 1124
Greg wrote on 18 apr 2006 in microsoft.public.inetserver.asp.general:
I need to be able to secure files on my web server. I am using asp to
secure access to links and pages, for example:

<%If Session("manager")=FALSE Then%>
You are not authorized to view this page
<%Else%>
<<<Page Code>>>
<%End If%>

The place I'm running into problems is with files. I have a lot of
charts and such in PDF version. I kind of doubt there is a way to
secure these files with asp, but I thought it would be worth a try. My
biggest issue is that PDFs are stored in the browser's history, so once
the page has been accessed, anyone using the browser can get to that
unsecured PDF. As a brute force fix, is there some way to simply erase
the site from the browser history? If not, is there a way to secure
the PDF, or does someone know of a better group to post on? Thanks!


You can try to start an .pdf or .jpg with:

<%If NOT Session("manager")="ok" Then server.transfer "/404.asp"%>

No Newline after the %> !!!

If the bitstream of the file contains no <% then this usually works

=================

Second option:

put the .pdf ot whatever in a directory outside the root,
or at least in a directory with a secret name.
Then send the file with:
<% ' myPdf.asp

If Session("manager")="ok" Then

pdf "/secretdirectoryQWERTYUIOP/myPdf.pdf"

function pdf(strFileName)
Response.Clear
strFilePath=server.mappath(strFilename)
Set objStream = Server.CreateObject("ADODB.Stream")
objStream.Open
objStream.Type = 1
objStream.LoadFromFile strFilePath
Response.ContentType = "application/pdf"
Response.BinaryWrite objStream.Read
objStream.Close
Set objStream = Nothing
Response.end
end function

end if

response.status = "404 Not Found" ' so searchbots will go away

%>
<html>
<body style='font-size:30pt;'>
No admittance! ;-(
</body>
</html>
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Apr 18 '06 #2
keep the files outside of the web or in a folder no ones knows the location
of
the stream the files to logged in users... whch wil keep the file locations
secret to everyone

www.aspin.com has some god examples on streaming from as code as well as a
lot of nice FREE asp login managers
www.aspprotect.com is a also good place to look if you are lokin for
something that can handle all of this for you including the streaming

"Greg" <GC*******@gmail.com> wrote in message
news:11*********************@g10g2000cwb.googlegro ups.com...
I need to be able to secure files on my web server. I am using asp to
secure access to links and pages, for example:

<%If Session("manager")=FALSE Then%>
You are not authorized to view this page
<%Else%>
<<<Page Code>>>
<%End If%>

The place I'm running into problems is with files. I have a lot of
charts and such in PDF version. I kind of doubt there is a way to
secure these files with asp, but I thought it would be worth a try. My
biggest issue is that PDFs are stored in the browser's history, so once
the page has been accessed, anyone using the browser can get to that
unsecured PDF. As a brute force fix, is there some way to simply erase
the site from the browser history? If not, is there a way to secure
the PDF, or does someone know of a better group to post on? Thanks!

Apr 18 '06 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

9 posts views Thread by Howard | last post: by
reply views Thread by SoftComplete Development | last post: by
2 posts views Thread by Maziar Aflatoun | last post: by
1 post views Thread by Malik Asif Joyia | last post: by
1 post views Thread by Rotsen | last post: by
1 post views Thread by CARIGAR | last post: by
reply views Thread by suresh191 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.