Re: WidgetSoftware Downloads

This WebDNA talk-list message is from 2003. It keeps the original formatting.
numero = 48189
Associated Messages, from the most recent to the oldest:

    
  1. Re: WidgetSoftware Downloads (marc@kaiwi.com (Marc Kaiwi) 2003)
  2. Re: WidgetSoftware Downloads (Michael Davis 2003)
  3. WidgetSoftware Downloads (marc@kaiwi.com (Marc Kaiwi) 2003)
Marc,

Looks like you've got a good start on this. I have one comment after giving it a try. There is still a security issue. Once I entered a correct reg key, I was given a form button to download the file. I checked the source code and found the directory structure. The server has directory indexing turned on, so I was able to browse to other web delivery folders and see/download other files there.

You could probably go a couple directions to solve this. First, turn off directory indexing. Another approach would be to do some security checking in a tpl file and then either redirect, which is not totally secure either, or include the file inside a [returnraw] context. [returnraw] will work and is the most secure of the options, but the downloaded file will be the name of the tpl file, which can cause troubles on the user's end.

Mike

On Thu, 27 Feb 2003 16:04:51 -0800 marc@kaiwi.com (Marc Kaiwi) wrote:
>
>I just built a simple web interface to distribute and
>administer software via electronic downloads. I started
>to build this in StoreBuilder but there was too much
>overhead to wade through so I started from scratch and
>put this application together.
>
>It consists of two parts. A: The download page and B: an
>administrative page.
>
>The Download Page: Users simply enter a Reg. Key you've
>provided them via email and download the software archive
>version they select.
>
>The Admin Page: Consists of three tables:
>(1) The first for assigning reg numbers and emailing out
>notices (I've removed the email function from this test
>copy). You can also edit/delete records.
>(2) The second table shows the contents of the
>WebDelivery folder. Anything less than 24 hours old will
>have a status of Okay more than that the status simply
>says Too Old, in which case it's okay to delete that
>item.
>(3) The last table shows visits to the page and
>successful Reg Key entries. Just for keeping Track of
>who's doing what.
>
>If anyone has the time to have a look at it, any comments
>or suggestions are welcome. Feel free to add, delete any
>records at will ... this is a sample. I'll have this copy
>online for your review most of the day today.
>
>Visit WidgetSoftware Downloads at:
>
>
>Thanks in advance,
>
>
>Signed: Marc Kaiwi

Michael Davis
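The "security checking in a tpl file, then return the file from the handler" approach discussed in this thread, sketched in Python as an added example; it is not code from the thread and not WebDNA. The names `REG_KEYS`, `resolve_download` and `store`, the sample key and file names, and the use of a `Content-Disposition` header to give the saved file its real name are all assumptions made for illustration.

```python
import hmac
import tempfile
from pathlib import Path

# Constructed sample data: each issued reg key and the archives it may fetch.
REG_KEYS = {"WIDGET-1234-ABCD": {"widget-1.0.zip", "widget-1.1.zip"}}


def resolve_download(store: Path, reg_key: str, requested: str):
    """Return (status, headers, body) for one key-gated download request."""
    allowed = set()
    for key, names in REG_KEYS.items():
        # Constant-time comparison so timing does not leak key prefixes.
        if hmac.compare_digest(key.encode(), reg_key.encode()):
            allowed = names
    # The client names an archive; it never supplies a path.
    if requested not in allowed:
        return 403, {}, b""
    root = store.resolve()
    target = (root / requested).resolve()
    # Defence in depth: the resolved file must sit directly in the store.
    if target.parent != root or not target.is_file():
        return 404, {}, b""
    headers = {
        "Content-Type": "application/octet-stream",
        # Gives the saved file its real name instead of the handler's name.
        "Content-Disposition": f'attachment; filename="{target.name}"',
    }
    return 200, headers, target.read_bytes()


def demo():
    """Run three requests against a throwaway store (all values constructed)."""
    with tempfile.TemporaryDirectory() as tmp:
        store = Path(tmp) / "store"  # stands in for a folder the web server does not serve
        store.mkdir()
        (store / "widget-1.0.zip").write_bytes(b"PK-demo")
        (Path(tmp) / "other-customer.zip").write_bytes(b"private")
        good = resolve_download(store, "WIDGET-1234-ABCD", "widget-1.0.zip")
        no_key = resolve_download(store, "guess", "widget-1.0.zip")
        escape = resolve_download(store, "WIDGET-1234-ABCD", "../other-customer.zip")
        return good, no_key, escape


if __name__ == "__main__":
    for status, headers, body in demo():
        print(status, headers.get("Content-Disposition"), len(body))
```

Because the file is read from a folder the web server does not expose and is returned only after the key check, there is no direct URL or directory listing for a visitor to browse.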
