Directory Security

Results 1 to 2 of 2

Thread: Directory Security

  1. #1
    Join Date
    Dec 1969

    Default Directory Security

    YOUR RESPONSE:<BR><BR> <BR>Help - Directory Security<BR> <BR>garent - 26 Apr - 10:00:18 AM<BR>--------------------------------------------------------------------------------<BR>I need to ensure files cannot be accessed (linked to) directly in any of my sites directories. The main concern is for the non-ASP files like powerpoint presentations, pdf files...etc. which I cannot control with include files (for security validation).<BR><BR>Any ideas?<BR><BR>One angle I&#039;ve been trying (with no success) is through Internet Services Manager(ISM) - setup all directories to redirect to our dislcaimer page. The idea is that the disclaimer page would validate if the user has been authenticated and if so redirect back to the requestting url. But if ISM is always routing requests back to the dislcaimer page then I&#039;m stuck in a loop.<BR><BR>So, I&#039;m trying to use Server.EncodeURL(RequestedLink) to bypass the loop and write directly to HTTP header(???)<BR><BR>====TEST CODE======<BR>Dim strURL<BR>Dim strEncodedURL<BR>strURL = "http://kop-dc01/test.htm"<BR>strEncodedURL = Server.URLencode(strURL)<BR>Response.Redirect strEncodedURL<BR>===================<BR><BR>The Response.Redirect fails everytime unless I use an actual "HTTP://..." string. I&#039;m not sure that the Server.URLencode would even work with Response.Redirect.<BR><BR>Let me know your thoughts and if you need more info.<BR>Also, if this helps, I&#039;m migrating a site that was done using unix security via an .htaccess file and I&#039;m following that logic with the scenerio outlined above.<BR><BR>Greatly appreciate any assistance - GarenT <BR> <BR>

  2. #2
    Join Date
    Dec 1969

    Default RE: Directory Security

    Use the ADODB.Stream to "pass" files back to the user (Google for loads of examples/tutorials), rather than linking directly to them.<BR><BR>Craig.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts