Re: Security of Excels and Documents on IIS
From: Tom Kaminski [MVP] ((A_at_T))
Date: 01/15/04
- Next message: Chris: "Check logs for Intrusion"
- Previous message: Fred Yarbrough: "Re: -2147023569 error from IIS Password Change"
- In reply to: Avi: "Security of Excels and Documents on IIS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 15 Jan 2004 09:39:56 -0500
"Avi" <avin_ashinc@coolgoose.com> wrote in message
news:090b01c3db2b$ad4ae830$a301280a@phx.gbl...
> Hi,
>
> The pages on our IIS are a mix of ASP and documents (PDFs,
> Docs, Excels etc).
>
> The ASP pages are secured using a session. The session is
> set only at the login page after proper authentication of
> the ID and password. The interior ASP pages check for the
> session and display only if the session is present.
>
> How can we make sure that the documents(.doc,.xls) are
> also shown only if the session has been set since no
> session check can be kept within the documents? Converting
> the documents to ASP pages is infeasible since there are
> around 1000+ of them and dynamic uploading facility is
> provided on the site. PLS HELP.
Place those document files physically outside of the web root path so there
is no direct URL to them and use an ASP with ADODB.Stream and
Response.BinaryWrite to serve the documents after a user has authenticated
to your session.
http://support.microsoft.com/?kbid=276488
-- Tom Kaminski IIS MVP http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS http://mvp.support.microsoft.com/ http://www.microsoft.com/windowsserver2003/community/centers/iis/
- Next message: Chris: "Check logs for Intrusion"
- Previous message: Fred Yarbrough: "Re: -2147023569 error from IIS Password Change"
- In reply to: Avi: "Security of Excels and Documents on IIS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
