RE: secure files

From: Dan Heskett (danh@network-systems.com)
Date: 12/19/01 

From: "Dan Heskett" <danh@network-systems.com>
To: <ronald.balk@DEVICEGLOBAL.COM>, <focus-ms@securityfocus.com>
Date: Wed, 19 Dec 2001 15:07:38 -0500

Hello All,

        I have had situations like this before and it almost always works out best
to store the objects as BLOB's in the SQL database. This eliminates 99% of
login issues as you can typically use a nice little script (perl, php, asp,
whatever you like) to facilitate the upload. If the files need to come back
out of the database its pretty straightforward for them be written
temporarily to disk and then have the end-user download them.

        You really don't want to be getting into the murky underground of
funny/shaky authentication schemes.

--dan heskett
Network Systems Inc.

-----Original Message-----
From: Ronald Balk [mailto:ronald.balk@DEVICEGLOBAL.COM]
Sent: Wednesday, December 19, 2001 9:34 AM
To: focus-ms@securityfocus.com
Subject: secure files

Hello list..

I have a question about securing files on a IIS4 web server.
Our website is dbase driven (Sql7/Iis4)
Login procedure is with ssl
One directory containes *.pdf files and is not using our database.
These files are uploaded.
I don't want to use nt user id's because then our clients must login
twice (Sql and Nt)
Ip blocking is also not possible because it's impossible to know the Ip
addresses.
Does anyone know another solution ? Pref. no changes/login procedures on
the clients

Kind regards,

Ronald Balk
Device Global BV
+31 23 534 4300
http://www.deviceglobal.com
"Device adds innovative & guaranteed value to used IT products, with
respect for people and the environment".

Relevant Pages

  • Login: Cannot Open Database?
    ... I have created a SQL database using SQL Server 2000. ... I need to be able to run the application on my laptop to demonstrate ... it tells me that the login is already associated ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: PDO: Switch database user without reopening connection
    ... At the bare minimum there will be a login user who only has ... modifications to the database as well (editors get update permission, ... As database connections are expensive to ... a certain visitor in the Session, and use that value to start the right ...
    (comp.lang.php)
  • Re: PDO: Switch database user without reopening connection
    ... At the bare minimum there will be a login user who only has ... the postgres user they are logged in as to one that can make ... modifications to the database as well (editors get update permission, ... As database connections are expensive to ...
    (comp.lang.php)
  • RE: How to allow users to change their password?
    ... be set up to provide the Security dialog window for password changes. ... I'll have to login using their login ... > name/password first. ... See http://www.QBuilt.com for all your database needs. ...
    (microsoft.public.access.security)
  • Re: Please! Doesnt anyone know a better way to do this?
    ... account, they need to automatically be directed to the page to enter data ... session variable on the Account page. ... I assume here that you're checking a database when the user attempts to ... When a new user attempts to login or clicks to register, ...
    (microsoft.public.dotnet.framework.aspnet)