public folders and protection - SQL Server Forums

Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

All Forums

Development Tools

Other Development Tools

public folders and protection

Author

Topic

afrika
Master Smack Fu Yak Hacker

2706 Posts

Posted - 2006-07-31 : 07:22:02

hello,

we have a folder with pictures of signed up users.

we are trying to protect this folder from the public in two ways.

1. hide the relative path

e.g. /welcome/images/544235432.gif

makes it easy for a user to easily download this file

2. put a password and access the folder through this passwords

any ideas, tips or pointers as how to achieve this ?

Thanks
afrika

Kristen
Test

22859 Posts

Posted - 2006-07-31 : 07:44:58

You could "deliver" the image through an ASP file, and then the physical file could be outside the WWW area - so the user has NO path or permissions to the file.

<img src="MyGetImage.ASP?ImageName=FOO.GIF">

or somesuch. The ASP file can decide if the user has permissions (based on session variables or similar).

Downside is that its more CPU-cycles to ship an image, and they don't get cached - so your ASP file has to "ship" them on every request. Good and bad that, from a logging and security point of view ...

Kristen

afrika
Master Smack Fu Yak Hacker

2706 Posts

Posted - 2006-07-31 : 07:58:09

thanks Kristen,
am still a bit confused on implementing this.

this is the code to deliver the relative path

<%d = "../../courses/"&inline&"/"&trim(session("basket"))&".gif"%>

and then you get this


   <p align="center">
                          <iframe name="I1" src="<%=d%>" width="98%" height="476" align="center" border="0" frameborder="0">Your 
                          browser does not support inline frames or is currently 
                          configured not to display inline frames. </iframe>
                        </p>

Afrika

Kristen
Test

22859 Posts

Posted - 2006-07-31 : 08:04:44

Can't help you with that, sorry.

This is what our MyGetImage.ASP looks like:


strFilePath = server.mapPath("/MyPath/MyFile.gif")
Set adoStream = Server.CreateObject("ADODB.Stream")
adoStream.Type = adTypeBinary
adoStream.Open
adoStream.LoadFromFile strFilePath

Response.ContentType = "image/gif"
Response.BinaryWrite adoStream.Read

adoStream.Close
Set adoStream = Nothing

Kristen

afrika
Master Smack Fu Yak Hacker

2706 Posts

Posted - 2006-07-31 : 08:30:47

THANKS A MILLION

Would try it out.

...by the way u are a great guy

Afrika

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources