Re: Protecting a folder
This WebDNA talk-list message is from 2000
It keeps the original formatting.
numero = 35719
interpreted = N
texte =

Peter

Thanks for your thoughts, I'll give it a go. See what happens :)

--
Stuart Tremain
Digital Imaging Division
The Ad-Libitum Group
48 Victoria Street
North Sydney 2060 Australia
Phone: +612 9959 5633 Fax: +612 9929 4146
email: stuartt@adlib.com.au
http://www.adlib.com.au

On Friday, 4 August 2000, Peter Ostry wrote:

>I would be very surprised if resetting the header can do it. The only way (I
>know) to change user and password on the fly is to put them into the URL:
>http://myname:mypass@www.server.com/download/...
>But how to hide this? Frames won't fool an experienced user, neither a
>refresh. And you can't encrypt this part of the URL.
>
>Sorry, I have no other idea yet than the move/rename approach. If the files
>are not really huge and you can't have a folder outside the root I would try
>it: for testing name the files like filename.db which prevents delivery by
>your Webstar.
>
>The following assumes you have a folder /download/ which holds your
>original .sit files but all with the suffix .db
>
>1 - Deliver a faked listing:
>[listfiles /download/]
>[getchars start=3&from=end][filename].sit[/getchars]
>[/listfiles]
>(so the user will never see a .db extension)
>Yes, the download must point to a template, not to a file.
>2 - User clicks on a link.
>3 - Create a temporary folder [SessionID]
>4 - Move /download/filename.db to /[SessionID]/filename.temp
>5 - WaitForFile /[SessionID]/filename.temp
>6 - Rename it to /[SessionID]/filename.sit
>7 - Redirect to this file, this starts the download
>
>Later you will find a chance to remove the SessionID from the user and
>delete filename.sit plus the temporary folder.
>
>We are on Linux now with most servers and I'm not sure if copying large
>files is a good idea on newer Macs. And you might not need the above
>temp-sit-renaming on Mac after the copy. On Linux I do, because the file
>emerges immediately and [waitforfile] sees it too early.
>
>Hope, this is worth a try :)
>
>
>Peter
>
>---
>
>> From: Stuart Tremain
>> Reply-To: (WebCatalog Talk)
>> Date: 04 Aug 2000 10:27:33
>> To: (WebCatalog Talk)
>> Subject: Re: Protecting a folder
>>
>> I'm using [ListFiles] to display what is available.
>>
>> The files are accessible from a protected template. I basically don't want
>> people to access them without going through the template as it logs their
>> access etc etc and the visitor would be able to access the folder directly if
>> I can't protect it.
>>
>> Are the ID & password passed by the browser in the header, could I reset the
>> header to include a generic password to get them into the realm from the
>> template? Would this be secure enough?

-------------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
Web Archive of this list is at: http://search.smithmicro.com/
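
The move/rename procedure from Peter's reply (steps 1 to 7), sketched in Python as an added example that is not part of the original thread and is not WebDNA code. It copies instead of moving so the stored original stays in place; the function names, the folder layout and the random session folder name are assumptions.

```python
import os
import secrets
import shutil
import tempfile

def listing(store):
    """Step 1: show stored 'name.db' files to the user as 'name.sit'."""
    return sorted(f[:-3] + ".sit" for f in os.listdir(store) if f.endswith(".db"))

def stage_download(store, webroot, requested):
    """Steps 3-6: stage one file in a per-session folder; return (id, URL path)."""
    if requested != os.path.basename(requested) or not requested.endswith(".sit"):
        raise ValueError("bad file name")           # blocks ../ and other suffixes
    source = os.path.join(store, requested[:-4] + ".db")
    if not os.path.isfile(source):
        raise FileNotFoundError(requested)
    session_id = secrets.token_urlsafe(16)          # unguessable folder name
    folder = os.path.join(webroot, session_id)
    os.mkdir(folder)
    temp = os.path.join(folder, requested[:-4] + ".temp")
    shutil.copyfile(source, temp)                   # may take a while for big files
    os.rename(temp, os.path.join(folder, requested))  # .sit appears only when complete
    return session_id, "/" + session_id + "/" + requested

def cleanup(webroot, session_id):
    """Later: delete the staged file and the temporary folder."""
    shutil.rmtree(os.path.join(webroot, session_id), ignore_errors=True)

def demo():
    """Run the flow on constructed sample data in scratch directories."""
    store, webroot = tempfile.mkdtemp(), tempfile.mkdtemp()
    with open(os.path.join(store, "tool.db"), "wb") as fh:
        fh.write(b"constructed sample archive bytes")
    shown = listing(store)
    sid, url = stage_download(store, webroot, shown[0])
    staged = os.listdir(os.path.join(webroot, sid))
    try:
        stage_download(store, webroot, "../tool.sit")
        rejected = False
    except ValueError:
        rejected = True
    cleanup(webroot, sid)
    left = os.listdir(webroot)
    shutil.rmtree(store)
    shutil.rmtree(webroot)
    return shown, url, staged, rejected, left

if __name__ == "__main__":
    print(demo())
```

The staged copy stays reachable by anyone who holds its URL until `cleanup` runs, so the cleanup step belongs on a short timer or at session end.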