WebApp Sec mailing list archives

Re: Securing file access


From: PD9 Software <info () pd9soft com>
Date: Tue, 28 Sep 2004 08:55:57 -0500

John M. L. wrote:

> In order to access the files, the database
> would link a file to a unique id, so a page that validates the user would
> then give access to the file stored outside of the www on the server. Now,
> this is where the real question lies. How is this possible since the files
> are not in a www accessible path

I agree with this approach.
The best way is to create a file that does two things:
1. Checks that the user is authenticated
2. Reads the file from the filesystem and hands it back to the client.

Typically I have accomplished this through reading the otherwise inaccessible file using either the FileSystemObject or ADO's Stream object, then using Response.BinaryWrite to send it back to the browser.

While there are almost certainly other approaches that will work as well or better, I have done it this way in the past, and if you would like some sample ASP code to look over, I can send it to you off the list.


--
 Matt Summers
PD9 Software, Inc
 http://www.pd9hosting.com / Hosting & Design
 http://www.pd9soft.com

 4520 Moorfield Ln
 Fort Wayne, IN 46816
(815)642-9367 - Fax
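
The two-step download page described in the message above, as an added classic ASP example; it is not the sample code offered in the post. `STORE_ROOT`, `Session("UserId")`, `Application("ConnStr")` and the `Files` table with its columns are assumptions, and the per-owner check in the query goes one step beyond the authentication check the message lists.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
Const STORE_ROOT = "D:\private\uploads\"   ' assumed location, outside the web root
Const adTypeBinary = 1, adInteger = 3, adParamInput = 1, adCmdText = 1

Sub Deny(status)
    Response.Status = status
    Response.End
End Sub

' 1. Check that the user is authenticated (assumes the login page sets Session("UserId")).
If IsEmpty(Session("UserId")) Then Deny "403 Forbidden"

' The client supplies only the numeric id, never a file name or path.
Dim id : id = CStr(Request.QueryString("id"))
Dim re : Set re = New RegExp
re.Pattern = "^[0-9]{1,9}$"
If Not re.Test(id) Then Deny "400 Bad Request"

' Map id -> stored file with a parameterized query; the OwnerId condition
' stops an authenticated user from fetching another user's file by guessing ids.
Dim cmd : Set cmd = Server.CreateObject("ADODB.Command")
cmd.ActiveConnection = Application("ConnStr")   ' assumed: connection string set in global.asa
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT StoredName, DownloadName, ContentType FROM Files " & _
                  "WHERE FileId = ? AND OwnerId = ?"
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , CLng(id))
cmd.Parameters.Append cmd.CreateParameter("owner", adInteger, adParamInput, , CLng(Session("UserId")))
Dim rs : Set rs = cmd.Execute
If rs.EOF Then Deny "404 Not Found"

' 2. Read the file from the filesystem and hand it back to the client.
Dim stm : Set stm = Server.CreateObject("ADODB.Stream")
stm.Type = adTypeBinary
stm.Open
stm.LoadFromFile STORE_ROOT & rs("StoredName").Value   ' name comes from the row, not the request

re.Pattern = "[^A-Za-z0-9._-]" : re.Global = True      ' keep the header value free of quotes and CR/LF
Response.ContentType = rs("ContentType").Value
Response.AddHeader "Content-Disposition", _
    "attachment; filename=""" & re.Replace(rs("DownloadName").Value, "_") & """"
Response.AddHeader "X-Content-Type-Options", "nosniff"
Do While Not stm.EOS                                    ' send in chunks so large files are not held in one buffer
    Response.BinaryWrite stm.Read(65536)
    Response.Flush
Loop
stm.Close : rs.Close
%>
```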


