Re: Protecting a folder
This WebDNA talk-list message is from 2000
It keeps the original formatting.
numero = 35721
interpreted = N
texte = With large files I wonder if it wouldn't be faster to use [applescript] tocreate an alias of the file instead of using [copyfile]. Just a thought.I've never actually tried it. Of course if you're on another platform, thatwon't help you.Mikeon 8/3/00 7:42 PM, Peter Ostry at po@ostry.com wrote:> I would be very surprised if resetting the header can do it. The only way (I> know) to change user and password on the fly is to put them into the URL:> http://myname:mypass@www.server.com/download/...> But how to hide this? Frames won't fool an experienced user, neither a> refresh. And you can't encrypt this part of the URL.> > Sorry, I have no other idea yet than the move/rename approach. If the files> are not really huge and you can't have a folder outside the root I would try> it: for testing name the files like filename.db which prevents delivery by> your Webstar.> > The following assumes you have a folder /download/ which holds your> original .sit files but all with the suffix .db> > 1 - Deliver a faked listing:> [listfiles /download/]> [getchars start=3&from=end][filename].sit[/getchars]
> [/listfiles]> (so the user will never see a .db extension)> Yes, the download must point to a template, not to a file.> 2 - User clicks on a link.> 3 - Create a temporary folder [SessionID]> 4 - Move /download/filename.db to /[SessionID]/filename.temp> 5 - WaitForFile /[SessionID]/filename.temp> 6 - Rename it to /[SessionID]/filename.sit> 7 - Redirect to this file, this starts the download> > Later you will find a chance to remove the SessionID from the user and> delete filename.sit plus the temporary folder.> > We are on Linux now with most servers and I'm not sure if copying large> files is a good idea on newer Mac's. And you might not need the above> temp-sit-renaming on Mac after the copy. On Linux I do, because the file> emerges immediately and [waitforfile] sees it to early.> > Hope, this is worth a try :)> > > Peter> > ---> >> From: Stuart Tremain
>> Reply-To: (WebCatalog Talk)>> Date: 04 Aug 2000 10:27:33>> To: (WebCatalog Talk)>> Subject: Re: Protecting a folder>> >> I'm using [ListFiles] to display what is available.>> >> The files are accessible from a protected template. I basically don't want>> people to access them without going through the template as it logs their>> access etc etc and the visitor would be able to access the folder directly if>> I can't protect it.>> >> Are the ID & pasword passed by the browser in the header, could I reset the>> header to include a generic password to get them into the realm from the>> template? Would this be secure enough?> > > -------------------------------------------------------------> This message is sent to you because you are subscribed to> the mailing list .> To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to> > Web Archive of this list is at: http://search.smithmicro.com/> -------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/
Associated Messages, from the most recent to the oldest:
With large files I wonder if it wouldn't be faster to use [applescript] tocreate an alias of the file instead of using [copyfile]. Just a thought.I've never actually tried it. Of course if you're on another platform, thatwon't help you.Mikeon 8/3/00 7:42 PM, Peter Ostry at po@ostry.com wrote:> I would be very surprised if resetting the header can do it. The only way (I> know) to change user and password on the fly is to put them into the URL:> http://myname:mypass@www.server.com/download/...> But how to hide this? Frames won't fool an experienced user, neither a> refresh. And you can't encrypt this part of the URL.> > Sorry, I have no other idea yet than the move/rename approach. If the files> are not really huge and you can't have a folder outside the root I would try> it: for testing name the files like filename.db which prevents delivery by> your Webstar.> > The following assumes you have a folder /download/ which holds your> original .sit files but all with the suffix .db> > 1 - Deliver a faked listing:> [listfiles /download/]> [getchars start=3&from=end][filename].sit[/getchars]
> [/listfiles]> (so the user will never see a .db extension)> Yes, the download must point to a template, not to a file.> 2 - User clicks on a link.> 3 - Create a temporary folder [SessionID]> 4 - Move /download/filename.db to /[SessionID]/filename.temp> 5 - WaitForFile /[SessionID]/filename.temp> 6 - Rename it to /[SessionID]/filename.sit> 7 - Redirect to this file, this starts the download> > Later you will find a chance to remove the SessionID from the user and> delete filename.sit plus the temporary folder.> > We are on Linux now with most servers and I'm not sure if copying large> files is a good idea on newer Mac's. And you might not need the above> temp-sit-renaming on Mac after the copy. On Linux I do, because the file> emerges immediately and [waitforfile] sees it to early.> > Hope, this is worth a try :)> > > Peter> > ---> >> From: Stuart Tremain >> Reply-To: (WebCatalog Talk)>> Date: 04 Aug 2000 10:27:33>> To: (WebCatalog Talk)>> Subject: Re: Protecting a folder>> >> I'm using [listfiles] to display what is available.>> >> The files are accessible from a protected template. I basically don't want>> people to access them without going through the template as it logs their>> access etc etc and the visitor would be able to access the folder directly if>> I can't protect it.>> >> Are the ID & pasword passed by the browser in the header, could I reset the>> header to include a generic password to get them into the realm from the>> template? Would this be secure enough?> > > -------------------------------------------------------------> This message is sent to you because you are subscribed to> the mailing list .> To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to> > Web Archive of this list is at: http://search.smithmicro.com/> -------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/
Michael Davis
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
Bug or syntax error on my part? (1997)
[WebDNA] users.db (2009)
problem with applets embedded in tpl files (1997)
It just Does't add up!!! (1997)
We have Proof (1997)
'does not contain' operator needed ... (1997)
setting line item numbers (1998)
WebCat2: Items xx to xx shown, etc. (1997)
Re:Searching for ALL / empty form field (1997)
Secure server question (1997)
Need help (1998)
Bug Report, maybe (1997)
Search design (1997)
Carrying over data? (1997)
RE: Auto conversion of URLs? (1998)
Bug Report, maybe (1997)
Using [redirect] in the middle of a page? (1999)
Opinion: [input] should be called [output] ... (1997)
Lost and Recovered. (1998)
Core Database integration (2001)