Re: Protecting a folder
This WebDNA talk-list message is from 2000
It keeps the original formatting.
numero = 35719
interpreted = N
texte = Peter Thanks for your thoughts, I'll give it a go. See what happens :)-- Stuart TremainDigital Imaging DivisionThe Ad-Libitum Group48 Victoria StreetNorth Sydney 2060 AustraliaPhone: +612 9959 5633 Fax: +612 9929 4146email: stuartt@adlib.com.auhttp://www.adlib.com.auOn Friday, 4 August 2000, Peter Ostry
wrote:>I would be very surprised if resetting the header can do it. The only way (I>know) to change user and password on the fly is to put them into the URL:>http://myname:mypass@www.server.com/download/...>But how to hide this? Frames won't fool an experienced user, neither a>refresh. And you can't encrypt this part of the URL.>>Sorry, I have no other idea yet than the move/rename approach. If the files>are not really huge and you can't have a folder outside the root I would try>it: for testing name the files like filename.db which prevents delivery by>your Webstar.>>The following assumes you have a folder /download/ which holds your>original .sit files but all with the suffix .db>>1 - Deliver a faked listing:>[listfiles /download/]>[getchars start=3&from=end][filename].sit[/getchars]
>[/listfiles]>(so the user will never see a .db extension)>Yes, the download must point to a template, not to a file.>2 - User clicks on a link.>3 - Create a temporary folder [SessionID]>4 - Move /download/filename.db to /[SessionID]/filename.temp>5 - WaitForFile /[SessionID]/filename.temp>6 - Rename it to /[SessionID]/filename.sit>7 - Redirect to this file, this starts the download>>Later you will find a chance to remove the SessionID from the user and>delete filename.sit plus the temporary folder.>>We are on Linux now with most servers and I'm not sure if copying large>files is a good idea on newer Mac's. And you might not need the above>temp-sit-renaming on Mac after the copy. On Linux I do, because the file>emerges immediately and [waitforfile] sees it to early.>>Hope, this is worth a try :)>>>Peter>>--->>> From: Stuart Tremain >> Reply-To: (WebCatalog Talk)>> Date: 04 Aug 2000 10:27:33>> To: (WebCatalog Talk)>> Subject: Re: Protecting a folder>> >> I'm using [ListFiles] to display what is available.>> >> The files are accessible from a protected template. I basically don't want>> people to access them without going through the template as it logs their>> access etc etc and the visitor would be able to access the folder directly if>> I can't protect it.>> >> Are the ID & pasword passed by the browser in the header, could I reset the>> header to include a generic password to get them into the realm from the>> template? Would this be secure enough?>>>------------------------------------------------------------->This message is sent to you because you are subscribed to> the mailing list .>To unsubscribe, E-mail to: >To switch to the DIGEST mode, E-mail to >Web Archive of this list is at: http://search.smithmicro.com/>-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/
Associated Messages, from the most recent to the oldest:
Peter Thanks for your thoughts, I'll give it a go. See what happens :)-- Stuart TremainDigital Imaging DivisionThe Ad-Libitum Group48 Victoria StreetNorth Sydney 2060 AustraliaPhone: +612 9959 5633 Fax: +612 9929 4146email: stuartt@adlib.com.auhttp://www.adlib.com.auOn Friday, 4 August 2000, Peter Ostry wrote:>I would be very surprised if resetting the header can do it. The only way (I>know) to change user and password on the fly is to put them into the URL:>http://myname:mypass@www.server.com/download/...>But how to hide this? Frames won't fool an experienced user, neither a>refresh. And you can't encrypt this part of the URL.>>Sorry, I have no other idea yet than the move/rename approach. If the files>are not really huge and you can't have a folder outside the root I would try>it: for testing name the files like filename.db which prevents delivery by>your Webstar.>>The following assumes you have a folder /download/ which holds your>original .sit files but all with the suffix .db>>1 - Deliver a faked listing:>[listfiles /download/]>[getchars start=3&from=end][filename].sit[/getchars]
>[/listfiles]>(so the user will never see a .db extension)>Yes, the download must point to a template, not to a file.>2 - User clicks on a link.>3 - Create a temporary folder [SessionID]>4 - Move /download/filename.db to /[SessionID]/filename.temp>5 - WaitForFile /[SessionID]/filename.temp>6 - Rename it to /[SessionID]/filename.sit>7 - Redirect to this file, this starts the download>>Later you will find a chance to remove the SessionID from the user and>delete filename.sit plus the temporary folder.>>We are on Linux now with most servers and I'm not sure if copying large>files is a good idea on newer Mac's. And you might not need the above>temp-sit-renaming on Mac after the copy. On Linux I do, because the file>emerges immediately and [waitforfile] sees it to early.>>Hope, this is worth a try :)>>>Peter>>--->>> From: Stuart Tremain >> Reply-To: (WebCatalog Talk)>> Date: 04 Aug 2000 10:27:33>> To: (WebCatalog Talk)>> Subject: Re: Protecting a folder>> >> I'm using [listfiles] to display what is available.>> >> The files are accessible from a protected template. I basically don't want>> people to access them without going through the template as it logs their>> access etc etc and the visitor would be able to access the folder directly if>> I can't protect it.>> >> Are the ID & pasword passed by the browser in the header, could I reset the>> header to include a generic password to get them into the realm from the>> template? Would this be secure enough?>>>------------------------------------------------------------->This message is sent to you because you are subscribed to> the mailing list .>To unsubscribe, E-mail to: >To switch to the DIGEST mode, E-mail to >Web Archive of this list is at: http://search.smithmicro.com/>-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/
Stuart Tremain
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
GuestBook example (1997)
Pithy questions on webcommerce & siteedit (1997)
WC1.6 to WC2 date formatting (1997)
Mac System Experience (1998)
Live Webcasts (1999)
verify online (1997)
linetiems in thankyou.tpl (1997)
Emailer setup (1997)
Numbers only code (2000)
Re[2]: Hiding files/images. (2000)
Format of Required fields error message (1997)
Webcatalog 4.0 - When will we be able to beta test it? (2000)
WebCommerce: Folder organization ? (1997)
Protect Tag and Groups (1998)
filemaker - orderfile (1997)
Grep to convert characters to html entities (2006)
Version issue? (2004)
Grep and <> (2005)
sendmail error (1997)
[WebDNA] BOOTSTRAP and WebDNA (2017)