Re: Protecting a folder
This WebDNA talk-list message is from 2000
It keeps the original formatting.
numero = 35721
interpreted = N
texte = With large files I wonder if it wouldn't be faster to use [applescript] tocreate an alias of the file instead of using [copyfile]. Just a thought.I've never actually tried it. Of course if you're on another platform, thatwon't help you.Mikeon 8/3/00 7:42 PM, Peter Ostry at po@ostry.com wrote:> I would be very surprised if resetting the header can do it. The only way (I> know) to change user and password on the fly is to put them into the URL:> http://myname:mypass@www.server.com/download/...> But how to hide this? Frames won't fool an experienced user, neither a> refresh. And you can't encrypt this part of the URL.> > Sorry, I have no other idea yet than the move/rename approach. If the files> are not really huge and you can't have a folder outside the root I would try> it: for testing name the files like filename.db which prevents delivery by> your Webstar.> > The following assumes you have a folder /download/ which holds your> original .sit files but all with the suffix .db> > 1 - Deliver a faked listing:> [listfiles /download/]> [getchars start=3&from=end][filename].sit[/getchars]
> [/listfiles]> (so the user will never see a .db extension)> Yes, the download must point to a template, not to a file.> 2 - User clicks on a link.> 3 - Create a temporary folder [SessionID]> 4 - Move /download/filename.db to /[SessionID]/filename.temp> 5 - WaitForFile /[SessionID]/filename.temp> 6 - Rename it to /[SessionID]/filename.sit> 7 - Redirect to this file, this starts the download> > Later you will find a chance to remove the SessionID from the user and> delete filename.sit plus the temporary folder.> > We are on Linux now with most servers and I'm not sure if copying large> files is a good idea on newer Mac's. And you might not need the above> temp-sit-renaming on Mac after the copy. On Linux I do, because the file> emerges immediately and [waitforfile] sees it to early.> > Hope, this is worth a try :)> > > Peter> > ---> >> From: Stuart Tremain
>> Reply-To: (WebCatalog Talk)>> Date: 04 Aug 2000 10:27:33>> To: (WebCatalog Talk)>> Subject: Re: Protecting a folder>> >> I'm using [ListFiles] to display what is available.>> >> The files are accessible from a protected template. I basically don't want>> people to access them without going through the template as it logs their>> access etc etc and the visitor would be able to access the folder directly if>> I can't protect it.>> >> Are the ID & pasword passed by the browser in the header, could I reset the>> header to include a generic password to get them into the realm from the>> template? Would this be secure enough?> > > -------------------------------------------------------------> This message is sent to you because you are subscribed to> the mailing list .> To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to> > Web Archive of this list is at: http://search.smithmicro.com/> -------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/
Associated Messages, from the most recent to the oldest:
With large files I wonder if it wouldn't be faster to use [applescript] tocreate an alias of the file instead of using [copyfile]. Just a thought.I've never actually tried it. Of course if you're on another platform, thatwon't help you.Mikeon 8/3/00 7:42 PM, Peter Ostry at po@ostry.com wrote:> I would be very surprised if resetting the header can do it. The only way (I> know) to change user and password on the fly is to put them into the URL:> http://myname:mypass@www.server.com/download/...> But how to hide this? Frames won't fool an experienced user, neither a> refresh. And you can't encrypt this part of the URL.> > Sorry, I have no other idea yet than the move/rename approach. If the files> are not really huge and you can't have a folder outside the root I would try> it: for testing name the files like filename.db which prevents delivery by> your Webstar.> > The following assumes you have a folder /download/ which holds your> original .sit files but all with the suffix .db> > 1 - Deliver a faked listing:> [listfiles /download/]> [getchars start=3&from=end][filename].sit[/getchars]
> [/listfiles]> (so the user will never see a .db extension)> Yes, the download must point to a template, not to a file.> 2 - User clicks on a link.> 3 - Create a temporary folder [SessionID]> 4 - Move /download/filename.db to /[SessionID]/filename.temp> 5 - WaitForFile /[SessionID]/filename.temp> 6 - Rename it to /[SessionID]/filename.sit> 7 - Redirect to this file, this starts the download> > Later you will find a chance to remove the SessionID from the user and> delete filename.sit plus the temporary folder.> > We are on Linux now with most servers and I'm not sure if copying large> files is a good idea on newer Mac's. And you might not need the above> temp-sit-renaming on Mac after the copy. On Linux I do, because the file> emerges immediately and [waitforfile] sees it to early.> > Hope, this is worth a try :)> > > Peter> > ---> >> From: Stuart Tremain >> Reply-To: (WebCatalog Talk)>> Date: 04 Aug 2000 10:27:33>> To: (WebCatalog Talk)>> Subject: Re: Protecting a folder>> >> I'm using [listfiles] to display what is available.>> >> The files are accessible from a protected template. I basically don't want>> people to access them without going through the template as it logs their>> access etc etc and the visitor would be able to access the folder directly if>> I can't protect it.>> >> Are the ID & pasword passed by the browser in the header, could I reset the>> header to include a generic password to get them into the realm from the>> template? Would this be secure enough?> > > -------------------------------------------------------------> This message is sent to you because you are subscribed to> the mailing list .> To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to> > Web Archive of this list is at: http://search.smithmicro.com/> -------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/
Michael Davis
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
replacing items in a db (2000)
C is for cookie - that's good enough for me... (2001)
[WebDNA] Serial numbers and pricing for WebDNA 7.0 (2011)
OT: MacAuthorize (2001)
Stumpted Again (1997)
how do I delete 1 of 2 identical records? (2003)
access denied problem (1997)
RE: E-mailer error codes (1997)
Help! WebCat2 bug (1997)
WebCatalog for Postcards ? (1997)
Email Mac (2002)
Am I going senile? (Price recalc based on quantity) (1997)
Running 2 two WebCatalog.acgi's (1996)
FYI: Error message (1996)
Running _every_ page through WebCat-error.html (1997)
Multiple SSL Keys (1998)
webcat- multiple selection in input field (1997)
possible, WebCat2.0 and checkboxes-restated (1997)
Webcatalog on MacOs (2000)
Line items in table cells (1997)