Code Comments
Programming Forum and web based access to our favorite programming groups.
controlled access in fsoI have a SQL Server-driven website with public and secure areas. Anonymous connection is via IUSR and authentication for the secure area is done via asp. Several pages first authenticate with asp and then use the fso to provide access to certain files for downloading or viewing via hyperlink. Up to this point, I am satisfied that I am able to control access to certain files and folder. The problem arises that, if an internet user guesses the path and filename, he can download a file through the browser. The actual files are outside of the website tree, and are accessed via virtual directories. I have tried to fix this by limiting access to the base folder to internal users only and creating a user "IFSO" that has external access. Where I am at this point is that I get a "File Not Found" error when the fso.getfolder method tries to execute. Can I pass userid and password arguments in the getfolder method? If not, do you have any ideas as to how to give the website access to these folders without giving the public unrestricted access to them? Thank you
Post Follow-up to this message
Re: controlled access in fsoEither put the files completely outside the web-site so that they are not accessible via HTTP at all or put them in a web-site directory that does not allow read access in IIS. For an example of the second approach try these URLS: http://www.ielearning.com/wbtroot/html/logo.gif http://www.ielearning.com/wbtroot/asp/logo.gif -- --Mark Schupp Head of Development Integrity eLearning www.ielearning.com "WC Justice" <BJustice@wcje.com> wrote in message news:HVEyd.14148$wZ1.579@bignews3.bellsouth.net... >I have a SQL Server-driven website with public and secure areas. Anonymous >connection is via IUSR and authentication for the secure area is done via >asp. Several pages first authenticate with asp and then use the fso to >provide access to certain files for downloading or viewing via hyperlink. >Up to this point, I am satisfied that I am able to control access to >certain files and folder. > > The problem arises that, if an internet user guesses the path and > filename, he can download a file through the browser. The actual files > are outside of the website tree, and are accessed via virtual directories. > I have tried to fix this by limiting access to the base folder to internal > users only and creating a user "IFSO" that has external access. > > Where I am at this point is that I get a "File Not Found" error when the > fso.getfolder method tries to execute. Can I pass userid and password > arguments in the getfolder method? If not, do you have any ideas as to > how to give the website access to these folders without giving the public > unrestricted access to them? > > Thank you >
Post Follow-up to this message
Sponsored Links
Powered by vBulletin
Copyright 2000-2006 Jelsoft Enterprises Limited.
