
Restrict access to downloadable files - Macromedia Dreamweaver


  1. #1

    Default Re: Restrict access to downloadable files

    Mintyman wrote:
    > Hi there,
    >
    > I have been looking around the web but can't find a definite answer to this
    > one:
    >
    > I have a number of documents (.pdf's and .doc's) that I want only logged in
    > users of a site to gain access to. The links to these files sit in a page
    > that is only accessible to users logged in. However, like your problem, if
    > someone knew the full URL (e.g. http://www.mysite/members/docs/X.pdf)
    > then it would let them gain access.
    >
    > How can I do this? I think I need to store the files outside the root
    > directory of the site and use some sort of script but I don't have a clue
    > how.
    >
    > I am using Win 2000, IIS 5.0 and ASP
    >
    > Thanks,
    >
    > Darren
    >
    >

    Darren,

    Check with your host first. They usually have some kind of script
    preinstalled that'll restrict access and prevent download by using e.g.
    .htaccess files. If that's the case, all you have to do is to select the
    folder and activate the script.

    Else, go to e.g. www.hotscripts.com and look for something that'll fit
    your needs. There are heaps of both commercial and free scripts there.



    --
    Dan Vendel - *GOF*
    http://www.vendel.info
    Contact me directly by clicking here:
    http://contact.vendel.info
    Formmail tutorial:
    http://www.vendel.info/tut/formmail.html
    Nested table demonstration:
    http://www.vendel.info/tabletut/

    Dan Vendel *GOF* Guest

  2. #2

    Default Re: Restrict access to downloadable files

    Mintyman wrote:
    > We host our own website so I don't really have an 'expert' to ask for
    > help
    > as such. I've started looking through the scripts on the site you gave me
    > but haven't found anything yet. Fingers crossed though.
    >
    > Darren
    >
    Look for 'password .htaccess tutorials' on Google. I turned up the one
    below.

    http://help.powweb.com/tutorials/htaccess/passprotect.php

    Personally I gave up and acquired an ISP who could provide an interface
    to protect folders, controlled via the web browser.

    osgood Guest

  3. #3

    Default Re: Restrict access to downloadable files

    Try this

    http://www.4guysfromrolla.com/webtech/081199-1.shtml

    --
    Jules
    -----
    Charon Cart 3
    http://www.charon.co.uk/charoncart




    Julian Roberts Guest

  4. #4

    Default Re: Restrict access to downloadable files

    htaccess doesn't work with iis.

    joe




    Joe {RoastHorse} Guest

  5. #5

    Default Re: Restrict access to downloadable files

    if you don't have an expert to hand then you may have other security holes,
    anyhow... your problem can be solved like this:

    put your downloadable files in a directory outside the doc root.
    to download a file link to download.asp and append the file name eg:

    href="download.asp?filename=myfile.pdf"

    i don't do asp so i can only give you general pseudocode directions here:

    // download.asp:
    // take only the file-name part so "../" in the url can't reach other folders
    filename = basename(getargs(filename));
    openfile(filename);
    data = readfile(filename);
    closefile(filename);
    // headers have to go out before the file data
    outputheader ("Content-Type: application/octet-stream");
    outputheader ("Content-Disposition: attachment; filename=".filename);
    outputheader ("Content-Length: ".filesize(filename));
    output data;

    it basically involves reading the file specified in the url, outputting
    headers and outputting the file data.
    the asp gurus here may be able to elaborate.

    joe



    Joe {RoastHorse} Guest

  6. #6

    Default Re: Restrict access to downloadable files

    sorry... should add that only logged in users should be able to access
    download.asp - otherwise you're back where you started.

    joe




    Joe {RoastHorse} Guest
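
The approach from posts #5 and #6 written out for the asker's platform (Classic ASP on IIS), as an added example that is not part of the original thread. The folder `D:\private\docs`, the `Session("UserID")` login flag and `login.asp` are assumptions; because the file name comes straight from the URL, the script also rejects any value that carries a path or an extension other than the .pdf and .doc files mentioned in the question.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' download.asp (added example). Assumptions, not from the thread:
'   DOCS_DIR           folder OUTSIDE the web root that holds the files
'   Session("UserID")  set by the site's login page after a successful login
'   login.asp          the site's login page
Const DOCS_DIR = "D:\private\docs"
Const adTypeBinary = 1

Sub Reject(statusLine)
    Response.Status = statusLine
    Response.End
End Sub

Dim fso, requested, safeName, ext, fullPath, stream

' 1. Only logged-in users get past this point (post #6).
If Len(Session("UserID") & "") = 0 Then
    Response.Redirect "login.asp"   ' Redirect also stops the script
End If

' 2. The name comes from the URL, so treat it as hostile input.
'    GetFileName keeps only the last path component; if that differs from
'    what was sent, the request contained "..\", "/" or a drive/path.
Set fso = Server.CreateObject("Scripting.FileSystemObject")
requested = Request.QueryString("filename") & ""
safeName = fso.GetFileName(requested)
If safeName = "" Or safeName <> requested Then Reject "400 Bad Request"

' 3. Allow only the document types this folder is meant to serve.
ext = LCase(fso.GetExtensionName(safeName))
If ext <> "pdf" And ext <> "doc" Then Reject "403 Forbidden"

' 4. Resolve inside DOCS_DIR only, and fail cleanly if the file is missing.
fullPath = fso.BuildPath(DOCS_DIR, safeName)
If Not fso.FileExists(fullPath) Then Reject "404 Not Found"

' 5. Read the file as binary. The whole file is held in memory, which is
'    fine for documents; very large files would need chunked reads.
Set stream = Server.CreateObject("ADODB.Stream")
stream.Type = adTypeBinary
stream.Open
stream.LoadFromFile fullPath

' 6. Headers first, then the file data (not the file name).
'    safeName matches an existing Windows file name, so it cannot contain
'    quotes or line breaks that would corrupt the header.
Response.Clear
Response.ContentType = "application/octet-stream"
Response.AddHeader "Content-Disposition", "attachment; filename=""" & safeName & """"
Response.AddHeader "Content-Length", CStr(stream.Size)
Response.BinaryWrite stream.Read

stream.Close
Set stream = Nothing
Set fso = Nothing
Response.End
%>
```

Links on the members page then take the form `download.asp?filename=myfile.pdf`, as in post #5, and the account IIS runs the site under needs read access to the documents folder.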

  7. #7

    Default Re: Restrict access to downloadable files

    Hi Julian,

    Thanks for that link. I read the article and, while it is good, doesn't
    address the fact that the files will still physically sit within the root of
    the website. Thus, someone could still guess the full URL of the file. The
    only way I can see round this is to store the files outwith the root
    directory of the site and use some sort of linking to reference them locally
    (just like an ODBC connector for the database that runs the site - it sits
    outside the root directory). Apart from that, the article does cover some
    nice points.

    Darren


    Mintyman Guest

  8. #8

    Default Re: Restrict access to downloadable files

    No, the gist of the article is that only the name of the file is revealed to
    the user. If your files are sitting in

    yoursite.com/ytr65rttndgghd3543/

    then nobody will guess the folder name

    --
    Jules
    -----
    Charon Cart 3
    http://www.charon.co.uk/charoncart




    Julian Roberts Guest

  9. #9

    Default Re: Restrict access to downloadable files

    Hi Julian,

    I completely missed that! Must've been dreaming of the weekend already! I
    suppose in practice nobody SHOULD guess the exact URL but it's still not
    watertight. I wonder if the leeching programs would still be able to pick it
    up?



    Mintyman Guest

  10. #10

    Default Re: Restrict access to downloadable files

    On Mon, 28 Jul 2003 14:33:39 +0100, "Mintyman" <mintymanntlworld.com>
    wrote:
    >I completely missed that! Must've been dreaming of the weekend already! I
    >suppose in practice nobody SHOULD guess the exact URL but it's still not
    >watertight. I wonder if the leeching programs would still be able to pick it
    >up?

    There is a good article at
    http://www.devshed.com/Server_Side/PHP/UserAuth/page1.html.

    While the article addresses PHP on an Apache server, the techniques
    can be used anywhere.


    Gary
    Gary White Guest
