473,320 Members | 1,950 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Protect DLL File from being Downloaded?

VS.NET 2002/VB

My IIS permissions and folder settings show Read and Execute only. Why is it that I can use any
browser and link directly to my DLL file in my BIN folder on my Web site and download it to my
harddrive (as could anyone else who wanted to)? I don't see any other settings in my host's Control
Center Panel that will let me set any other properties for those folders.

How do I prevent this from happening?

Thanks,
George


Nov 18 '05 #1
8 2157
On Wed, 01 Sep 2004 02:05:31 GMT, George <------@----.---> wrote:
VS.NET 2002/VB

My IIS permissions and folder settings show Read and Execute only. Why
is it that I can use any
browser and link directly to my DLL file in my BIN folder on my Web site
and download it to my
harddrive (as could anyone else who wanted to)? I don't see any other
settings in my host's Control
Center Panel that will let me set any other properties for those folders.

How do I prevent this from happening?

Thanks,
George


Do they/you have Directory Browsing enabled? They shouldn't, that's the
easiest way to accidentally expose files....

Try browsing to just 1 of your directories in a web browser. No filename,
just a directory, e.g.

http://mydomain.com/appFolder/

if you get a file listing, tell your host to turn that off or do it
yourself (sounds like you might have that access)...that's not what you
want...

--
Craig Deelsnyder
Microsoft MVP - ASP/ASP.NET
Nov 18 '05 #2
Craig,

I tried browsing to just the BIN folder and got an accessed denied message, so that part seems to be
working right.

However, if I try to link directly to my DLL file using IE6, it obviously trys to execute the file,
and I get some type of error and a list of a couple of debuggers to use.

The real problem comes when I use Netscape or Mozilla Firefox to link to directly to the DLL file,
in which case, they both ask if I want to save it to disk. I say yes, and it downloads it to my
local drive without any problems. This is a very bad thing.

George

"Craig Deelsnyder" <cdeelsny@no_spam_4_meyahoo.com> wrote in message news:opsdmm8jhe75dg5d@cowboy...
On Wed, 01 Sep 2004 02:05:31 GMT, George <------@----.---> wrote:
VS.NET 2002/VB

My IIS permissions and folder settings show Read and Execute only. Why
is it that I can use any
browser and link directly to my DLL file in my BIN folder on my Web site
and download it to my
harddrive (as could anyone else who wanted to)? I don't see any other
settings in my host's Control
Center Panel that will let me set any other properties for those folders.

How do I prevent this from happening?

Thanks,
George


Do they/you have Directory Browsing enabled? They shouldn't, that's the
easiest way to accidentally expose files....

Try browsing to just 1 of your directories in a web browser. No filename,
just a directory, e.g.

http://mydomain.com/appFolder/

if you get a file listing, tell your host to turn that off or do it
yourself (sounds like you might have that access)...that's not what you
want...

--
Craig Deelsnyder
Microsoft MVP - ASP/ASP.NET

Nov 18 '05 #3
yeah but why would you want a hyperlink to your compiled assembly ? at the
end of the day its just a file even though in a hidden directory directly
not accesible.
so its just doing what hyperlinks do... ie point to files that can be opened
or download

--

Regards,

Hermit Dave
(http://hdave.blogspot.com)
"George" <------@----.---> wrote in message
news:QX********************@bgtnsc04-news.ops.worldnet.att.net...
Craig,

I tried browsing to just the BIN folder and got an accessed denied message, so that part seems to be working right.

However, if I try to link directly to my DLL file using IE6, it obviously trys to execute the file, and I get some type of error and a list of a couple of debuggers to use.

The real problem comes when I use Netscape or Mozilla Firefox to link to directly to the DLL file, in which case, they both ask if I want to save it to disk. I say yes, and it downloads it to my local drive without any problems. This is a very bad thing.

George

"Craig Deelsnyder" <cdeelsny@no_spam_4_meyahoo.com> wrote in message

news:opsdmm8jhe75dg5d@cowboy...
On Wed, 01 Sep 2004 02:05:31 GMT, George <------@----.---> wrote:
VS.NET 2002/VB

My IIS permissions and folder settings show Read and Execute only. Why
is it that I can use any
browser and link directly to my DLL file in my BIN folder on my Web site and download it to my
harddrive (as could anyone else who wanted to)? I don't see any other
settings in my host's Control
Center Panel that will let me set any other properties for those folders.
How do I prevent this from happening?

Thanks,
George


Do they/you have Directory Browsing enabled? They shouldn't, that's the
easiest way to accidentally expose files....

Try browsing to just 1 of your directories in a web browser. No filename, just a directory, e.g.

http://mydomain.com/appFolder/

if you get a file listing, tell your host to turn that off or do it
yourself (sounds like you might have that access)...that's not what you
want...

--
Craig Deelsnyder
Microsoft MVP - ASP/ASP.NET


Nov 18 '05 #4
Cam
Hi,

You'll want to add an entry in the <httpHandlers> section of the
machine.config file on your web server.

Something like this should do I think:

<add verb="*" path="*.dll" type="System.Web.HttpForbiddenHandler"/>

This should use the HttpForbiddenHandler when a request is received for a
DLL file.

Cheers,
Cam
My IIS permissions and folder settings show Read and Execute only. Why is it that I can use any
browser and link directly to my DLL file in my BIN folder on my Web site and download it to my
harddrive (as could anyone else who wanted to)? I don't see any other settings in my host's Control
Center Panel that will let me set any other properties for those folders.

How do I prevent this from happening?


Nov 18 '05 #5
I've got an untested idea.

Have you tried to configure your Web Application setting so that the default
handler for ".dll" extension would be "C:\WINDOWS\System32\inetsrv\404.dll".

It should be able to bar the download, but don't know whether it'll cause
error on your ASP.NET application (for a good chance it won't).

"George" <------@----.---> ¦b¶l¥ó
news:QX********************@bgtnsc04-news.ops.worldnet.att.net ¤¤¼¶¼g...
Craig,

I tried browsing to just the BIN folder and got an accessed denied message, so that part seems to be working right.

However, if I try to link directly to my DLL file using IE6, it obviously trys to execute the file, and I get some type of error and a list of a couple of debuggers to use.

The real problem comes when I use Netscape or Mozilla Firefox to link to directly to the DLL file, in which case, they both ask if I want to save it to disk. I say yes, and it downloads it to my local drive without any problems. This is a very bad thing.

George

"Craig Deelsnyder" <cdeelsny@no_spam_4_meyahoo.com> wrote in message

news:opsdmm8jhe75dg5d@cowboy...
On Wed, 01 Sep 2004 02:05:31 GMT, George <------@----.---> wrote:
VS.NET 2002/VB

My IIS permissions and folder settings show Read and Execute only. Why
is it that I can use any
browser and link directly to my DLL file in my BIN folder on my Web site and download it to my
harddrive (as could anyone else who wanted to)? I don't see any other
settings in my host's Control
Center Panel that will let me set any other properties for those folders.
How do I prevent this from happening?

Thanks,
George


Do they/you have Directory Browsing enabled? They shouldn't, that's the
easiest way to accidentally expose files....

Try browsing to just 1 of your directories in a web browser. No filename, just a directory, e.g.

http://mydomain.com/appFolder/

if you get a file listing, tell your host to turn that off or do it
yourself (sounds like you might have that access)...that's not what you
want...

--
Craig Deelsnyder
Microsoft MVP - ASP/ASP.NET


Nov 18 '05 #6
Just disable "Read" permission for the directory in IIS.

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.

"George" <------@----.---> wrote in message
news:L7*********************@bgtnsc05-news.ops.worldnet.att.net...
VS.NET 2002/VB

My IIS permissions and folder settings show Read and Execute only. Why is it that I can use any browser and link directly to my DLL file in my BIN folder on my Web site and download it to my harddrive (as could anyone else who wanted to)? I don't see any other settings in my host's Control Center Panel that will let me set any other properties for those folders.

How do I prevent this from happening?

Thanks,
George

Nov 18 '05 #7
Thanks to everyone for their suggestions.

As Kevin suggested, I went to IIS and disabled the Read Persmissions on the bin folder, and that
solved the problem, without affecting the apps functionality.

George

"George" <------@----.---> wrote in message
news:L7*********************@bgtnsc05-news.ops.worldnet.att.net...
VS.NET 2002/VB

My IIS permissions and folder settings show Read and Execute only. Why is it that I can use any
browser and link directly to my DLL file in my BIN folder on my Web site and download it to my
harddrive (as could anyone else who wanted to)? I don't see any other settings in my host's Control Center Panel that will let me set any other properties for those folders.

How do I prevent this from happening?

Thanks,
George


Nov 18 '05 #8


Well George seems to be u r checking the best possible ways to save ur
dll from download. Good practice is that your Dll shouldnt name friendly
so other person cant able guess. restrict directory browsing.Liks are
based or requests if u set request.end or such thing (better check) may
b that would help you.

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Nov 18 '05 #9

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
by: Joshua | last post by:
Is there a way to set up Apache to invoke a PHP equest when a file (a image for example) is downloaded? Say, then, that http://www.foo.com/downloads/app1.zip is downloaded, Id like to have...
9
by: Paul | last post by:
Hi, VB.NET is saying the file I am creating is in use by another process and won't complete its task of moving the file to the specified destination folder. Here is my code (the main bit...
11
by: siliconmike | last post by:
Is there a way to protect data files from access by root ? I have a data-centered website and would like to protect data piracy from any foot-loose hosting company employee. Any ideas? ...
0
by: Buddy Ackerman | last post by:
I am trying to implment a file download via a link such that when clicked, instead of starting the default application for that type of file the user will be presented with a download dialog...
4
by: FAQ server | last post by:
----------------------------------------------------------------------- FAQ Topic - How do I protect my javascript code? ----------------------------------------------------------------------- ...
3
by: bfmcfarlane | last post by:
I have an appication that allows users to upload and download files. This application is only accessed when a user clicks on an "Upload / Download" link from within our main application. A new...
22
by: teejayem | last post by:
Hi, I am new to programming with databases and was wanting some help. Is there any way to password protect an access database and access sent sql commands to it via vb.net code? Any help...
1
KevinADC
by: KevinADC | last post by:
Note: You may skip to the end of the article if all you want is the perl code. Introduction Many websites have a form or a link you can use to download a file. You click a form button or click...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.