Hiding downloadable files

comer_97 · 12-06-2006 12:44pm #1

I have files on my website for a client to download. They have to log in to see a list of them. And then the download/

But they would just typw in the name of the file and location and it will download it bypassing the login.

Any ideas how to stop this happening?

aidan_walsh · 12-06-2006 1:14pm

Whats your log in system? Are you using cookies, sessions or a combination?

bonkey · 12-06-2006 1:41pm

comer_97 wrote:

Any ideas how to stop this happening?

Implement proper security.

Think about what you're saying - people can access parts of the system without logging on. The conclusion is that those parts of the system are not secured against anonymous access.

comer_97 · 12-06-2006 2:06pm

bonkey wrote:

Implement proper security.

Think about what you're saying - people can access parts of the system without logging on. The conclusion is that those parts of the system are not secured against anonymous access.

so if i use iis to disallow anonymous access, i will be sorted?

phil · 13-06-2006 12:01pm

Yup, disable anonymous access and make sure Integrated Windows authentication is enabled. IIS will prompt for a username/password combination then.

There are ISAPI plugins for IIS which allow htaccess like functionality, where you don't need to have Windows accounts, but I'm not sure if there are free ones available.

Phil.

Hiding downloadable files

Comments