Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Secure files on web server - mySQL and ASP

Options
  • 27-11-2008 11:12am
    #1
    whiteshadow
    Registered Users Posts: 771 ✭✭✭


    Hi,

    Ive written a custom CMS system for a client in classic ASP and mySQL,
    site is hosted on blacknight (helm)

    I need to secure files so that they can upload pdfs/powerpoints/word documents etc to a password protected area of the site.

    However i need it to be secured in such a way that even if the path is know to the physical file that it can not be downloaded / viewed unless a team member is logged in.

    any advice on the best way to do this....?


Comments

  • Options
    #2
    whiteshadow
    Registered Users Posts: 771 ✭✭✭whiteshadow


    bump.. anyone?


  • Options
    #3
    ron_darrell
    Users Awaiting Email Confirmation Posts: 351 ✭✭ron_darrell


    Couple of ways (I'm sure people will disagree with some or all of these but how and ever :) )

    1) https - SSL to password protect the area for uploading
    2) set the permissions on the upload folder to read/write/not execute [the least secure means - never a good idea to give too much access to any part of the site]
    3) get the asp to save the files to an area on the computer/server that the cannot be accessed from outside the server e.g. save the files to c:\files\ - cannot be directly accessed from the web http://mysite.com/files/ refers to the files folder on the webserver (for iis server likely to be c:\inetpub\wwwroot\files\ however asp code can point to those files

    With all of these it's extremely important that you only allow access to the upload page with at least one level of password protection and that you do a check on the file type being uploaded to prevent potentially dangerous files from being uploaded.

    Hope that's some help to you
    RD


  • Options
    #4
    whiteshadow
    Registered Users Posts: 771 ✭✭✭whiteshadow


    ron_darrell wrote: »
    Couple of ways (I'm sure people will disagree with some or all of these but how and ever :) )

    1) https - SSL to password protect the area for uploading
    2) set the permissions on the upload folder to read/write/not execute [the least secure means - never a good idea to give too much access to any part of the site]
    3) get the asp to save the files to an area on the computer/server that the cannot be accessed from outside the server e.g. save the files to c:\files\ - cannot be directly accessed from the web http://mysite.com/files/ refers to the files folder on the webserver (for iis server likely to be c:\inetpub\wwwroot\files\ however asp code can point to those files

    With all of these it's extremely important that you only allow access to the upload page with at least one level of password protection and that you do a check on the file type being uploaded to prevent potentially dangerous files from being uploaded.

    Hope that's some help to you
    RD

    great help, many thanks.


Advertisement