Re: Protecting a folder

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 35718
interpreted = N
texte = I would be very surprised if resetting the header can do it. The only way (I know) to change user and password on the fly is to put them into the URL: http://myname:mypass@www.server.com/download/... But how to hide this? Frames won't fool an experienced user, neither a refresh. And you can't encrypt this part of the URL.Sorry, I have no other idea yet than the move/rename approach. If the files are not really huge and you can't have a folder outside the root I would try it: for testing name the files like filename.db which prevents delivery by your Webstar.The following assumes you have a folder /download/ which holds your original .sit files but all with the suffix .db1 - Deliver a faked listing: [listfiles /download/] [getchars start=3&from=end][filename].sit[/getchars]
[/listfiles] (so the user will never see a .db extension) Yes, the download must point to a template, not to a file. 2 - User clicks on a link. 3 - Create a temporary folder [SessionID] 4 - Move /download/filename.db to /[SessionID]/filename.temp 5 - WaitForFile /[SessionID]/filename.temp 6 - Rename it to /[SessionID]/filename.sit 7 - Redirect to this file, this starts the downloadLater you will find a chance to remove the SessionID from the user and delete filename.sit plus the temporary folder.We are on Linux now with most servers and I'm not sure if copying large files is a good idea on newer Mac's. And you might not need the above temp-sit-renaming on Mac after the copy. On Linux I do, because the file emerges immediately and [waitforfile] sees it to early.Hope, this is worth a try :) Peter---> From: Stuart Tremain > Reply-To: (WebCatalog Talk) > Date: 04 Aug 2000 10:27:33 > To: (WebCatalog Talk) > Subject: Re: Protecting a folder > > I'm using [ListFiles] to display what is available. > > The files are accessible from a protected template. I basically don't want > people to access them without going through the template as it logs their > access etc etc and the visitor would be able to access the folder directly if > I can't protect it. > > Are the ID & pasword passed by the browser in the header, could I reset the > header to include a generic password to get them into the realm from the > template? Would this be secure enough? ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. [OT] Password protecting a folder in iTools (WJ Starck 2003)
  2. Re: Protecting a folder (Michael Davis 2000)
  3. Re: Protecting a folder (Stuart Tremain 2000)
  4. Re: Protecting a folder (Peter Ostry 2000)
  5. Re: Protecting a folder (Stuart Tremain 2000)
  6. Re: Protecting a folder (Peter Ostry 2000)
  7. Re: Protecting a folder (Stuart Tremain 2000)
  8. Re: Protecting a folder (Peter Ostry 2000)
  9. Re: Protecting a folder (Stuart Tremain 2000)
  10. Re: Protecting a folder (Peter Ostry 2000)
  11. Protecting a folder (Stuart Tremain 2000)
I would be very surprised if resetting the header can do it. The only way (I know) to change user and password on the fly is to put them into the URL: http://myname:mypass@www.server.com/download/... But how to hide this? Frames won't fool an experienced user, neither a refresh. And you can't encrypt this part of the URL.Sorry, I have no other idea yet than the move/rename approach. If the files are not really huge and you can't have a folder outside the root I would try it: for testing name the files like filename.db which prevents delivery by your Webstar.The following assumes you have a folder /download/ which holds your original .sit files but all with the suffix .db1 - Deliver a faked listing: [listfiles /download/] [getchars start=3&from=end][filename].sit[/getchars]
[/listfiles] (so the user will never see a .db extension) Yes, the download must point to a template, not to a file. 2 - User clicks on a link. 3 - Create a temporary folder [SessionID] 4 - Move /download/filename.db to /[SessionID]/filename.temp 5 - WaitForFile /[SessionID]/filename.temp 6 - Rename it to /[SessionID]/filename.sit 7 - Redirect to this file, this starts the downloadLater you will find a chance to remove the SessionID from the user and delete filename.sit plus the temporary folder.We are on Linux now with most servers and I'm not sure if copying large files is a good idea on newer Mac's. And you might not need the above temp-sit-renaming on Mac after the copy. On Linux I do, because the file emerges immediately and [waitforfile] sees it to early.Hope, this is worth a try :) Peter---> From: Stuart Tremain > Reply-To: (WebCatalog Talk) > Date: 04 Aug 2000 10:27:33 > To: (WebCatalog Talk) > Subject: Re: Protecting a folder > > I'm using [listfiles] to display what is available. > > The files are accessible from a protected template. I basically don't want > people to access them without going through the template as it logs their > access etc etc and the visitor would be able to access the folder directly if > I can't protect it. > > Are the ID & pasword passed by the browser in the header, could I reset the > header to include a generic password to get them into the realm from the > template? Would this be secure enough? ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Peter Ostry

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

FORMS: Returning a specific page (1997) many-to-one problem (1998) all records returned. (1997) Sendmail (1997) CC Merchant suggestions?? (1997) carriage returns in data (1997) [WebDNA] WebDNA glitch, no response required ... (2009) WebCat + IIS (2001) [referrer] tag (1997) Spiders (2000) Cart ID Duplication (2001) WebCat2 several catalogs? (1997) [searchString] (1997) emailer w/F2 (1997) Fun with dates (1997) WebDNA 6 (2004) [GROUPS] followup (1997) Incrementing a number (1998) Mime Headers for Mail (1998) Showing unopened cart (1997)