Re: hidden (phantom) file downloads

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 31523
interpreted = N
texte = 1. Is this really secure? I mean, just knowing the file name and typing a bogus url with the right file name will give you the file. Not that the other methods discussed are truly secure, but if you copy files, then delete them after a period of time, there's only a small window of opportunity for unauthorized users to download the file. The error file method would seem to allow download of any file whose name is known, at any time. 2. Your word file will have the extension and MIME type of your template, right? So the browser would just display the contents of the word file within the page, which would look very ugly.I don't mean to pick your method apart, but it seems more appropriate for inclusion of text or html content that is not meant to be proprietary or protected than it does as a means of protecting or hiding direct downloads.Am I wrong? Did I miss something?Mike> ok, so for this purpose, we are assuming that the file resides in > my.server.com/docs/mydoc.doc > > ok, so first you would want to create a db or something to store the > names of the word files. > then you have a link pointing to my.server.com/[RANDOM]/mydoc.doc > In you error.html file, insert the lines: > > [SHOWIF [URL][THISURL][/URL]^.doc] > [TEXT SHOW=F]ELEN=[COUNTWORDS Delimiters= > +_/][THISURL][/COUNTWORDS][/TEXT] > [TEXT SHOW=F]DSSTRING=[LISTWORDS WORDS=[THISURL]&Delimiters= +_/][HIDEIF > [INDEX]=[ELEN]][WORD][SHOWIF [INDEX]<[MATH][ELEN]-1[/MATH]] > [/SHOWIF][/HIDEIF][/LISTWORDS][/TEXT] > [SEARCH db=^db/docs.db&eqDOCdatarq=[DSSTRING]&MAX=1] > [HIDEIF [NUMFOUND]=0] > [include file=/docs/mydoc.doc] > [/HIDEIF] > [SHOWIF [NUMFOUND]=0] > File Not found > [/SHOWIF] > [/SEARCH] > > [/SHOWIF] > > Something approximately like this should work. we use this techniue here > often. > > >>>>> I am trying to have a members only restricted area where paying >>>>> subscribers can log in and download pdf or word files that they have >>>>> paid for - but I do not want to reveal the true location of the file. >>>>> Is anyone out there doing something like this? >>>> >>>> Welcome does this easily ... >>> >>> not on OS X/itools though - correct? >> >> Welcome is originally based (or inspired by) an Apache module called >> mod_rewrite, so you can still do what you want :-) >> >> ************************************************************* >> Christer Olsson Stora Nygatan 21 Phone +46 40 791 50 >> Ljusa Idéer AB S-211 37 Malmoe Fax +46 40 97 99 77 >> Sweden http://www.ljusaideer.se >> ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Associated Messages, from the most recent to the oldest:

    
  1. Re: hidden (phantom) file downloads (Derek C. 2000)
  2. Re: hidden (phantom) file downloads (Mike Davis 2000)
  3. Re: hidden (phantom) file downloads (Derek C. 2000)
  4. Re: hidden (phantom) file downloads (Mike Davis 2000)
  5. Re: hidden (phantom) file downloads (Derek C. 2000)
  6. Re: hidden (phantom) file downloads (John Peacock 2000)
  7. Re: hidden (phantom) file downloads (Christer Olsson 2000)
  8. Re: hidden (phantom) file downloads (Michael O Shea 2000)
  9. Re: hidden (phantom) file downloads (Britt T. 2000)
  10. Re: hidden (phantom) file downloads (Kenneth Grome 2000)
  11. Re: hidden (phantom) file downloads (J Lane 2000)
  12. Re: hidden (phantom) file downloads (Kenneth Grome 2000)
  13. Re: hidden (phantom) file downloads (Britt T. 2000)
  14. Re: hidden (phantom) file downloads (Kenneth Grome 2000)
  15. hidden (phantom) file downloads (Britt T. 2000)
1. Is this really secure? I mean, just knowing the file name and typing a bogus url with the right file name will give you the file. Not that the other methods discussed are truly secure, but if you copy files, then delete them after a period of time, there's only a small window of opportunity for unauthorized users to download the file. The error file method would seem to allow download of any file whose name is known, at any time. 2. Your word file will have the extension and MIME type of your template, right? So the browser would just display the contents of the word file within the page, which would look very ugly.I don't mean to pick your method apart, but it seems more appropriate for inclusion of text or html content that is not meant to be proprietary or protected than it does as a means of protecting or hiding direct downloads.Am I wrong? Did I miss something?Mike> ok, so for this purpose, we are assuming that the file resides in > my.server.com/docs/mydoc.doc > > ok, so first you would want to create a db or something to store the > names of the word files. > then you have a link pointing to my.server.com/[random]/mydoc.doc > In you error.html file, insert the lines: > > [SHOWIF [url][thisurl][/URL]^.doc] > [TEXT SHOW=F]ELEN=[COUNTWORDS Delimiters= > +_/][thisurl][/COUNTWORDS][/TEXT] > [TEXT SHOW=F]DSSTRING=[LISTWORDS WORDS=[thisurl]&Delimiters= +_/][HIDEIF > [INDEX]=[ELEN]][WORD][SHOWIF [INDEX]<[math][ELEN]-1[/MATH]] > [/SHOWIF][/HIDEIF][/LISTWORDS][/TEXT] > [SEARCH db=^db/docs.db&eqDOCdatarq=[DSSTRING]&MAX=1] > [HIDEIF [NUMFOUND]=0] > [include file=/docs/mydoc.doc] > [/HIDEIF] > [SHOWIF [NUMFOUND]=0] > File Not found > [/SHOWIF] > [/SEARCH] > > [/SHOWIF] > > Something approximately like this should work. we use this techniue here > often. > > >>>>> I am trying to have a members only restricted area where paying >>>>> subscribers can log in and download pdf or word files that they have >>>>> paid for - but I do not want to reveal the true location of the file. >>>>> Is anyone out there doing something like this? >>>> >>>> Welcome does this easily ... >>> >>> not on OS X/itools though - correct? >> >> Welcome is originally based (or inspired by) an Apache module called >> mod_rewrite, so you can still do what you want :-) >> >> ************************************************************* >> Christer Olsson Stora Nygatan 21 Phone +46 40 791 50 >> Ljusa Idéer AB S-211 37 Malmoe Fax +46 40 97 99 77 >> Sweden http://www.ljusaideer.se >> ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Mike Davis

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Cyberstudio and WebDNA (1997) WebCat2b13MacPlugIn - [showif][search][/showif] (1997) WebCat2_Mac RETURNs in .db (1997) OSX Install error (2000) Include vs. lookup? (1998) emailer (1997) (2000) Umm...about those log files? (Off Topic) (1997) my price won't move (1997) can WC render sites out? (1997) Emailer not working (1998) [OT] 'Email this story to a friend' (2003) WebCatalog Mac and cgi-bin (WebSTAR 2.0) (1997) Validation (2000) WebMerchant when CC network is down (1998) Logging purchases (1997) [WebDNA] Limits? (2009) Strange intermittent WebDNA problems (2008) Multiple prices (1997) RE: 2nd WebCatalog2 Feature Request (1996)