Re: Protecting a folder

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 35719
interpreted = N
texte = Peter Thanks for your thoughts, I'll give it a go. See what happens :) -- Stuart TremainDigital Imaging Division The Ad-Libitum Group 48 Victoria Street North Sydney 2060 Australia Phone: +612 9959 5633 Fax: +612 9929 4146email: stuartt@adlib.com.au http://www.adlib.com.auOn Friday, 4 August 2000, Peter Ostry wrote: >I would be very surprised if resetting the header can do it. The only way (I >know) to change user and password on the fly is to put them into the URL: >http://myname:mypass@www.server.com/download/... >But how to hide this? Frames won't fool an experienced user, neither a >refresh. And you can't encrypt this part of the URL. > >Sorry, I have no other idea yet than the move/rename approach. If the files >are not really huge and you can't have a folder outside the root I would try >it: for testing name the files like filename.db which prevents delivery by >your Webstar. > >The following assumes you have a folder /download/ which holds your >original .sit files but all with the suffix .db > >1 - Deliver a faked listing: >[listfiles /download/] >[getchars start=3&from=end][filename].sit[/getchars]
>[/listfiles] >(so the user will never see a .db extension) >Yes, the download must point to a template, not to a file. >2 - User clicks on a link. >3 - Create a temporary folder [SessionID] >4 - Move /download/filename.db to /[SessionID]/filename.temp >5 - WaitForFile /[SessionID]/filename.temp >6 - Rename it to /[SessionID]/filename.sit >7 - Redirect to this file, this starts the download > >Later you will find a chance to remove the SessionID from the user and >delete filename.sit plus the temporary folder. > >We are on Linux now with most servers and I'm not sure if copying large >files is a good idea on newer Mac's. And you might not need the above >temp-sit-renaming on Mac after the copy. On Linux I do, because the file >emerges immediately and [waitforfile] sees it to early. > >Hope, this is worth a try :) > > >Peter > >--- > >> From: Stuart Tremain >> Reply-To: (WebCatalog Talk) >> Date: 04 Aug 2000 10:27:33 >> To: (WebCatalog Talk) >> Subject: Re: Protecting a folder >> >> I'm using [ListFiles] to display what is available. >> >> The files are accessible from a protected template. I basically don't want >> people to access them without going through the template as it logs their >> access etc etc and the visitor would be able to access the folder directly if >> I can't protect it. >> >> Are the ID & pasword passed by the browser in the header, could I reset the >> header to include a generic password to get them into the realm from the >> template? Would this be secure enough? > > >------------------------------------------------------------- >This message is sent to you because you are subscribed to > the mailing list . >To unsubscribe, E-mail to: >To switch to the DIGEST mode, E-mail to >Web Archive of this list is at: http://search.smithmicro.com/ >------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. [OT] Password protecting a folder in iTools (WJ Starck 2003)
  2. Re: Protecting a folder (Michael Davis 2000)
  3. Re: Protecting a folder (Stuart Tremain 2000)
  4. Re: Protecting a folder (Peter Ostry 2000)
  5. Re: Protecting a folder (Stuart Tremain 2000)
  6. Re: Protecting a folder (Peter Ostry 2000)
  7. Re: Protecting a folder (Stuart Tremain 2000)
  8. Re: Protecting a folder (Peter Ostry 2000)
  9. Re: Protecting a folder (Stuart Tremain 2000)
  10. Re: Protecting a folder (Peter Ostry 2000)
  11. Protecting a folder (Stuart Tremain 2000)
Peter Thanks for your thoughts, I'll give it a go. See what happens :) -- Stuart TremainDigital Imaging Division The Ad-Libitum Group 48 Victoria Street North Sydney 2060 Australia Phone: +612 9959 5633 Fax: +612 9929 4146email: stuartt@adlib.com.au http://www.adlib.com.auOn Friday, 4 August 2000, Peter Ostry wrote: >I would be very surprised if resetting the header can do it. The only way (I >know) to change user and password on the fly is to put them into the URL: >http://myname:mypass@www.server.com/download/... >But how to hide this? Frames won't fool an experienced user, neither a >refresh. And you can't encrypt this part of the URL. > >Sorry, I have no other idea yet than the move/rename approach. If the files >are not really huge and you can't have a folder outside the root I would try >it: for testing name the files like filename.db which prevents delivery by >your Webstar. > >The following assumes you have a folder /download/ which holds your >original .sit files but all with the suffix .db > >1 - Deliver a faked listing: >[listfiles /download/] >[getchars start=3&from=end][filename].sit[/getchars]
>[/listfiles] >(so the user will never see a .db extension) >Yes, the download must point to a template, not to a file. >2 - User clicks on a link. >3 - Create a temporary folder [SessionID] >4 - Move /download/filename.db to /[SessionID]/filename.temp >5 - WaitForFile /[SessionID]/filename.temp >6 - Rename it to /[SessionID]/filename.sit >7 - Redirect to this file, this starts the download > >Later you will find a chance to remove the SessionID from the user and >delete filename.sit plus the temporary folder. > >We are on Linux now with most servers and I'm not sure if copying large >files is a good idea on newer Mac's. And you might not need the above >temp-sit-renaming on Mac after the copy. On Linux I do, because the file >emerges immediately and [waitforfile] sees it to early. > >Hope, this is worth a try :) > > >Peter > >--- > >> From: Stuart Tremain >> Reply-To: (WebCatalog Talk) >> Date: 04 Aug 2000 10:27:33 >> To: (WebCatalog Talk) >> Subject: Re: Protecting a folder >> >> I'm using [listfiles] to display what is available. >> >> The files are accessible from a protected template. I basically don't want >> people to access them without going through the template as it logs their >> access etc etc and the visitor would be able to access the folder directly if >> I can't protect it. >> >> Are the ID & pasword passed by the browser in the header, could I reset the >> header to include a generic password to get them into the realm from the >> template? Would this be secure enough? > > >------------------------------------------------------------- >This message is sent to you because you are subscribed to > the mailing list . >To unsubscribe, E-mail to: >To switch to the DIGEST mode, E-mail to >Web Archive of this list is at: http://search.smithmicro.com/ >------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Stuart Tremain

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

WebCat2b15MacPlugin - [protect] (1997) Date Bug (1998) SMSI BUG: RandSeed broken on 4.0.2 / Mac OS X (2002) Multiple Passwords (1997) [ShowNext] (1997) PCS Customer submissions ? (1997) Paranoid about serial numbers...not (1998) Re:no [search] with NT (1997) Dates and Math - Simple Subtraction (2004) carriage returns in data (1997) Problems adding stuff to the shopping cart. (1997) [WebDNA] Version 7 Config problem (2011) Post size Limit? (1998) webdna preferences (2005) For those of you not on the WebCatalog Beta... (1997) View order not right (1997) Re:Emailer tracking (1997) Setting up shop (1997) Protecting Realms (1998) Cart Numbers (1997)