File Protection :: Secure Files On My Server
I need to be able to secure files on my web server. I am using asp to secure access to links and pages, for example:
<%If Session("manager")=FALSE Then%>
You are not authorized to view this page
<%Else%>
<<<Page Code>>>
<%End If%>
The place I'm running into problems is with files. I have a lot of charts and such in PDF version. I kind of doubt there is a way to secure these files with asp, but I thought it would be worth a try.
My biggest issue is that PDFs are stored in the browser's history, so once the page has been accessed, anyone using the browser can get to thatunsecured PDF. As a brute force fix, is there some way to simply erase the site from the browser history? If not, is there a way to secure the PDF, or does someone know of a better group to post on?
View Replies
ADVERTISEMENT
is there any way to protect files or a folder from unauthorised access, i.e.when a variable is false?
e.g.
when variable li = 1 then grant access to folder and files within
when variable li <> 1 then deny access
i have a folder with images and word documents i only want people with the variable set to 1 to be able to access them.is there a way?
View Replies
View Related
I have been using two forms of password protection:
A) On working web sites I use an ASP script that is included in every page requiring protection: uses session - works fine
B) On quick test sites or temporary stuff I use the Windows Network Authentication provided by my web host. A whole folder is protected at once which is very convenient but it has a problem. If a user types the wrong password and is denied access, the next time they go to type the password, their browser sometimes remembers the wrong password as so they go straight to the 'access denied' 401 page.
How to proceed?
1) Does anyone know of a way of preventing all browsers from cacheing the login info.
2) Is there any way of using ASP to protect whole folders?
View Replies
View Related
Using ASP in a VBScript environment, how can I check the protection on a directory, or a
particular file?
View Replies
View Related
i currently have an asp authorization system setup on my website for access to certain html pages. this works great, but i need to restrict access to some pdf files as well. as of right now if the user is authenicated they have access to links to certain the pdf.
the problem is if i change a users access privileges they or anyone could open the file directly if they save or can guess the correct path.
i have tried to setup webserver folder security and use usernameassword@domain.com but this doesn't work in ie.
I thought about placing the pdfs in a database but im afraid that will slow down access to the files.
View Replies
View Related
help me in securing a pdf file on my site. i want ot provide a pdf file that can only be viewed and not downloaded.
View Replies
View Related
Need Idea About to Secure img path in ASP (img not open excluding our domian)files.......................i need this beocz our hostings are remote thousands of users pick our img path and paste in forums and we lose some our bandwith
Any body have solution for this (or provide me a ASP script for this) or tell me commands.
View Replies
View Related
I've built a survey and tested everything is working fine - except fo one problem, that i have been told MUST be fixed
I am using CDO.Message to send email message to the respondants of the survey - a lovely thank you message.
It is sending the emails fine to all email address i have tested, except for email address here where I work, and I have been unable to find a reason for this
the web scripts are running on a secure server (SSL certificate)
and all is working great except the email issue.
the actual code that is sending the emails works perfectly on non-secure server, and seems to be fina on the secure server except for the most important(apparently) email addresses.
Does anyone have any ideas why the scripts would not send to one set of email addresses, but seems to work for all other when on SSL, but works for ALL email address when not on SSL.
View Replies
View Related
Maybe I'm doing something wrong, but I'm having troubles with connecting using SSL.
I have a website at http://www.*****.com
I have a login form directly on that index page.
When you click sign in it directs to https://www.hostingcompany.com/******. However, it fails the first time, then it works the second time. The second time I am on the https://www.hostingcompany.com/****** page.
View Replies
View Related
I'm working on a shopping cart page. In page A (checkout) the user
enters their credit card information. On postback, if everything is
correct, it sends the user to page B (confirmation). My question is,
can I (or should I) use server variables to send CC information to page
B?
My boss doesn't want me to store this information in the SQL
database we're using. Obviously cookies are out of the question and so
is passing info through request.querystring, so I was thinking on using
session variables for this, but not sure if it's safe.
What should I do?
View Replies
View Related
I have a directory (folder) in ISS 6.0 Web server. I need to upload to a secure server over an HTTPS connection. What is the best method to upload from this directory to a secure sever.
To access the server via a browser i have to type a password and username.
The file are Cxml files and need to be uploaded on a secure connection.(HTTPS)
I would need to run a schedule task every 2 minutes to check the directory for any files that are there.
What script or method should i use. Is there any particular sample script such as (ASP) i could use. I am sure this can be done in ASP...but does anyone know how.
View Replies
View Related
How to secure MySQL Data with encript, any data to encript have ''' and MySQL send Error, how to protect ASP Data o encript the code ?
View Replies
View Related
how do i restrict anyone by changing an asp file. can it be done using visual source safe? Is there any way that i can stop any one from making changes in my asp file.
View Replies
View Related
I have been lately dealing with developing an ASP based web application which uploads documents to a folder. Application itself is password protected by the session.
I am now looking for securing the documents that are uploaded.
For example;
Let's say AAA.doc is uploaded to "/docs" folder by this password-protected application. But, I can't prevent the following link to download this Word document:
(URL address blocked: See forum rules)
How can I prevent the above link to download AAA.doc? Is it something possible to restrict it with a session variable? I also want the user who are authenticated at the beginning to view or download the file, but unauthenticated users shouldn't view it.
I found some articles but they are speaking about IIS level things. Folders may be created dynamically. Is it possible to have this security feature at application level?
View Replies
View Related
I have a bunch of Excel reports that I would like to display on my company's intranet. The reports contain priviledged information, however. My plan was to have a page with a dropdown box so someone could pick the report they need to view. This page can be secured with a session object, etc. But what is to keep an unauthorized person from accessing a file by typing. Is there something I could configure in IIS? Set permissions?
View Replies
View Related
If I have multiple websites on the same server,can I use the #include directive to reference include files elsewhere on the server? I tried this -
<!--#include file="C:InetpubvhostsATRAMEMBER.COMhttpdocsheader.asp" -->
But no dice...
View Replies
View Related
I have an application that needs to pull files from an internal server. This
is the setup. The web server is external facing, meaning exposed to the
internet. I then have a file server that sits inside our domain. I created a
COM object that can impersonate a user to retrieve files from that server.
However, I cannot get the application to pull files from the internal server.
I first tried a domain account that could reach both servers. This did not
work. I then had the network team create the same account on both machines.
This is not working either. I can impersonate the user (I am able to get the
user/users authenticated), but the script keeps coming back with and access
denied. Code:
View Replies
View Related
How can i transfer files from one web server to another web server. Is it possible?
View Replies
View Related
if there's a way to copy image files from one server to another using ASP and FSO? Or perhaps some other way to do it? I'm trying to collect information on books, and want to have a picture of the book associated with the description, but I want to be nice and
host the pictures myself, not just link to other people's pictures. Is there a way to do this?
View Replies
View Related
i have an ecommerce site that is split across two domains, a secure space that retains cc details and the main site where contact information and order details are held. I need to be able to produce a report that displays both sets of info in a printable document. aside from using iframes is there a better way of doing this?
View Replies
View Related
I have a site that currently is password protected, using a combination of ldap authentication and asp session management.
So for every asp page, I check the session to make sure they're authenticated, if not I send them to the login page.
BUT.... there is a robohelp componenet that is almost a website within this website. All these robohelp files are htm or html based, so I'm unable to put asp scripting (to check for session authentication).
So, my problem is, how do i protect these pages using my existing framework?
View Replies
View Related
I have a locally hosted (via an executable) asp application. Does anyone know what would be the best (cheapest) way to add copy protection in it?
The application is an exe web server with the asp pages embedded in the executable.
No one can copy the asp pages, but they can copy the executable and distribute it that way. I don't want them to do that.
If there is some sort of wrapper or asp code I could add to it for licensing or registration, please let me know.
View Replies
View Related
I have allways validated user input to pieces prior to integrating it into a SQL statement, in order to avoid SQL Injection attacs. A colleague of mine told me that binding my vars would make them SQL scalar, but I have been left in the dark as to HOW... The web left me none the wiser, as well, so here goes: Anyone got a brief example of binding vars in ASP to get me started?
View Replies
View Related
After trying out 3/4 password scripts which I've used before and won't work today.I've come to the end of my tether! I need a ready made script asap to password protect a set of webpages, something simple with login and p/w for one user.
View Replies
View Related
I have a webpage. However I only want people to access it if they are members of a certain group. When I say group I mean Active Directory group. The log into windows with their Active Directory username and PW, and lets say they are members of 'employee1' group in Active Directory. I'm pretty sure I use ASP, to restrict access to a webpage depending on the users group. how I would go about doing this?
View Replies
View Related
How do people protect input from forms submitted that are
dangerous such as scripts, etc..
View Replies
View Related
help me with asp password protection? I need to have a login and register script as well as complete password protection.
View Replies
View Related
I have a webpage where user upload ms-word doc.. for supervisor, they can d/w the doc and print... but the normal user can just see the doc..
how to make ms-word password protetion only to normal user but not to supervisors?
View Replies
View Related
Can anyone find fault with this code? I wrote in in hopes of preventing users from "breaking" SQL queries and getting places they shouldn't by using SQL Injections.
Code: ....
View Replies
View Related
Can anyone help me with an ASP function to perfom the following:
Series of page like this
item.asp?ItemId=2345
news.asp?NewsId=23456
Sale.asp?SaleId=344444
I need a function i can include in lots of pages that basically says
if query string is "ItemId" then only allow numerics of a maximum of 4
if query string is "NewsId" then only allow numerics of a maximum of 5
if query string is "SaleId" then only allow numerics of a maximum of 6
In all of the above query strings of 1,2,3 etc numerals must also work.
Any help appreciated as I'm in deep "poop" battling Chinese hackers.
View Replies
View Related
we have a folder with pictures of signed up users. we are trying to protect this folder from the public in two ways. hide the relative path
e.g. /welcome/images/544235432.gif
makes it easy for a user to easily download this file . put a password and access the folder through this passwords .
View Replies
View Related
where can I get straightforward step-by-step instructions to password protect part of a site?
View Replies
View Related
is it possiable to write in asp program that will be able to analytics the server log files? any information on this subject will be good for me now cause i'm just starting...links...codes...any info...
View Replies
View Related
