ASP & Security Questions - Best way to secure file

Results 1 to 2 of 2

Thread: ASP & Security Questions - Best way to secure file

  1. #1
    Join Date
    Dec 1969

    Default ASP & Security Questions - Best way to secure file

    The company I work for wants to protect files in a directory from unauthorized visitors - only customers etc. should have <BR>access to this stuff. In the directory are mostly PDFs containing product info, and we were going to bundle this whole thing with an e-commerce site. However, we&#039;d like to get this out there now before the e-commerce portion of our site. The <BR>idea floated was to password protect the pages in Frontpage, but I didn&#039;t think that was the best idea...I thought something more secure would be good. So, I thought some sort of ASP user verification / password deal would be great. But I saw most of these scripts required the code be put in every document, and, most of it didn&#039;t look all that secure. So I found this <BR>article about creating my own ActiveX DLL with ASP and HTML to tie to it. I would like to know if I have the concept down right: <BR><BR>I was told I need to have a dedicated server because most webhosts don&#039;t allow custom DLLs. Is this true? Let&#039;s say I can find a webhost that allows this. I guess the files - pdf, etc. - would be located in a folder not accessible <BR>via the Internet (by a browser). The ASP, using the ActiveX DLL would prompt for a username and password, and if correct, pass the files from the hidden / protected location to web browser. Is this right? <BR><BR>My three questions: <BR><BR>1) Should I A) Get the general code from an explanation article to web programmers to improve and customize it or C) get the whole thing outsourced? How much is a good cost? How safe is this? <BR><BR>2) Could this be [somewhat] easily imported into an e-commerce system (one that uses user-authentication, order history, etc.) that we would like to launch? Could I link the password and username info to the e-commerce ones, so entering one gets you access to both? <BR><BR>3) For simple protection, why not use a passworded .htaccess file plus some asp to support it? I know that&#039;s a pretty cheesy question, but it seems like that way, you can&#039;t pull anything out of the directory. Why isn&#039;t this a used way to do things (aside from the files being on the web)? <BR><BR>Thanks so much!!!! I&#039;m not sure if this copies to my inbox too, but if have the chance, please also email me the answers to Thanks again! <BR><BR>Bill S.

  2. #2
    Join Date
    Dec 1969

    Default Well...

    Personally, I wouldn&#039;t use ASP to secure information, ESPECIALLY if you&#039;re talking about expanding the system in time.<BR><BR>Personally I would use Site Server to secure the pages. However, finding a host which uses Site Server may up the cost considerably. Plus, selling it at a later date would also be a problem.<BR><BR>As a result, you could use ASP. However, bear in mind that you need to either:<BR>1) Have only ASP page which are secured (securing PDFs won&#039;t work because the ASP has to execute to deny access), or<BR>2) Use the ADODB.Stream object to stream the file to the user. If the file&#039;s large, ASP will time out.<BR><BR>Could it be imported into an e-commerce system? Yeah, of course. If you&#039;re using Site Server, it&#039;s done: Commerce Server :)<BR><BR>If you&#039;re using an ASP-based solution, then yeah - I don&#039;t see why not.<BR><BR>As for your #3... .htaccess files are Unix. They don&#039;t work on Windows. The equivalent would be to restrict access using Windows NTFS authentication. However, you need to actually create the Windows NT accounts for that to work.<BR><BR>Craig.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts