I recently started working on a password-protected download system, which issues a User ID and Password linked to a specific file download. This protection allows 24 hours for a download.<BR><BR>Although it seems to be working correctly, I have not implemented it as I am unsure of my ASP skills, and I am also not sure if it is 100% secure. My preference would be to find a commercial/shareware solution to this problem, which does not require me to have access to installing DLL&#039;s (the server is not mine) or any other utilities, other than straight ASP code.<BR><BR>This is how it works:<BR>1. User is redirected to an ASP page where they need to enter UserID and Password, and select a file for download.<BR>2. They make the necessary slections and click DOWNLOAD.<BR>3. The ASP code uses Response.BinaryWrite to feed the file to the user&#039;s browser so that the source of the file is kept hidden. The file and directory information is strung together in the ASP code and then passed off to the browser using Response.BinaryWrite.<BR><BR>My questions are as follows:<BR>1. Is it possible for a user to hack the page and determine where the file is located? I know it is always possible, but perhaps some things I might look out for would be good.<BR>2. If the script crashes for some reason, will this reveal the actual code or make it available to the user? If so, any ideas on preventing this?<BR>3. What kinds of things could make the code accessible to the user?<BR>4. Any prevention suggestions?<BR>5. Is there any shareware/freeware/commercial ASP code out there (only pure ASP/VBscript) which already takes care of something like this?<BR><BR>Any help would be greatly appreciated.<BR><BR>Thanks<BR>Ian