Hiding file download urls

Results 1 to 2 of 2

Thread: Hiding file download urls

  1. #1
    Dave W Guest

    Default Hiding file download urls

    Forgive my brain fade, but whats a good way of keeping a download link secure / hidden but also allow users to be able to download files easily?<BR><BR>ie - a directory contains 100&#039;s of downloads and if a customer purchases 1, I dont want them to start guessing at the links of the others, given they now have some path information.<BR><BR><BR>Thanks.

  2. #2
    Yamaki Guest

    Default RE: Hiding file download urls

    Dear Dave:<BR><BR>You can create a hyperlink to an ASP page. For example:<BR>&#060;a href="getdocument.asp?id=1324"&#062;My Document Download&#060;/a&#062;<BR><BR>Within the getdocument.asp you can do a lot of stuff...e.g. call a database with a store of urls (exact location of where the file is). The you would response.redirect to this page. The browser would then see this new link, but the user can&#039;t easily guess the url. To further secure the links getdocument.asp can use ServerVariables to verify the HTTP REFERER (i think that&#039;s the spelling) and referring page to make sure that it was clicked on and not guessed.<BR><BR>getdocument.asp could look as simple as this<BR>-------------------<BR>&#060;%<BR>Response.Redirect("actualdocument.d oc")<BR>%&#062;<BR>-------------------<BR><BR>Or like this<BR><BR>-------------------<BR>&#060;%<BR>&#039;CHECK REFFERER DOES SOME URL REFERENCE CHECKING<BR>If checkReferrer(xyz) Then<BR> Response.Redirect("actualdocument.doc")<BR>Else<BR > Response.Redirect("error.asp")<BR>End If<BR>%&#062;<BR>-------------------<BR><BR>Hope this helps your brain-fart! Take care.<BR><BR>Yamaki<BR>&#060;&#062;&#060;

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts