Re: Need a suggestion for storing files more securely

From: Tom Kaminski [MVP] ((A_at_T))
Date: 01/12/05


Date: Wed, 12 Jan 2005 09:11:15 -0500


"GJ" <gjewell@houston.rr.com> wrote in message
news:bR0Fd.6259$WZ1.4177@fe2.texas.rr.com...
> Hello,
>
> Running Win 2000 / IE 5
>
> We have an .asp application which allows our employees to upload invoices
> (MS Word format) for our users to various folders in a main folder off the
> root of our site. Each customer has their own folder, which is named using a
> random 12 character directory name (to make it somewhat harder to find). The
> site allows access by the anonymous internet account. The customers are
> given links directly to the files. Basically, anyone that knew both the
> folder name and the file name could have access to the files. I realize I
> could use Windows NTFS permissions on the folders to restrict access, but I
> am looking for an alternative way to protect the files - I would like to
> avoid having to set up several thousand user accounts, and not have to
> prompt the user for a username and password. Their initial website login is
> validated against a database, and forcing them to re-enter a login to view
> their invoice files might annoy them.
>
> Does anyone have any suggestions as far as securing these files, other than
> using NTFS permissions? Thanks.

Place the files outside of wwwroot so they do not have a direct URL and use
an ASP with ADODB.Stream and Response.BinaryWrite to send them to the client
(provided that they have authenticated with your login system).

http://support.microsoft.com/kb/q276488/
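
A sketch of the download page described in the reply above, added here as an example; it is not part of the original post or of the linked KB article. The storage path, the Session("CustomerFolder") value (assumed to be set by the site's existing database login) and the "file" query parameter are assumptions.

```vbscript
<%@ Language="VBScript" %>
<%
Option Explicit
Response.Buffer = True

' Assumptions for this example (hypothetical names, not from the post):
'   STORE_ROOT                - folder outside wwwroot, one subfolder per customer
'   Session("CustomerFolder") - set server-side by the existing login page
'   ?file=                    - bare invoice file name carried in the link
Const STORE_ROOT = "D:\InvoiceStore"
Const adTypeBinary = 1

Dim folder, fileName, re, fso, fullPath, stream

' 1. Authentication: no logged-in session, no file.
folder = Session("CustomerFolder")
If IsEmpty(folder) Then
    Response.Status = "403 Forbidden"
    Response.End
End If

' 2. Input validation: allow only a plain *.doc name, so the request
'    cannot contain "..", slashes, drive letters or header characters.
fileName = Trim(Request.QueryString("file"))
Set re = New RegExp
re.Pattern = "^[A-Za-z0-9_\-]{1,64}\.doc$"
re.IgnoreCase = True
If Not re.Test(fileName) Then
    Response.Status = "400 Bad Request"
    Response.End
End If

' 3. Authorization: the folder comes from the session, never from the
'    request, so a customer can only reach files in their own folder.
Set fso = Server.CreateObject("Scripting.FileSystemObject")
fullPath = fso.BuildPath(fso.BuildPath(STORE_ROOT, folder), fileName)
If Not fso.FileExists(fullPath) Then
    Response.Status = "404 Not Found"
    Response.End
End If

' 4. Stream the file to the client as binary.
Set stream = Server.CreateObject("ADODB.Stream")
stream.Open
stream.Type = adTypeBinary
stream.LoadFromFile fullPath
Response.Clear
Response.ContentType = "application/msword"
Response.AddHeader "Content-Disposition", "attachment; filename=""" & fileName & """"
Response.BinaryWrite stream.Read
stream.Close
Response.End
%>
```

The account the ASP page runs under needs NTFS read access to the storage folder; because that folder has no URL, the files are reachable only through this page.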


