Re: Protecting a folder

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 35721
interpreted = N
texte = With large files I wonder if it wouldn't be faster to use [applescript] to create an alias of the file instead of using [copyfile]. Just a thought. I've never actually tried it. Of course if you're on another platform, that won't help you.Mikeon 8/3/00 7:42 PM, Peter Ostry at po@ostry.com wrote:> I would be very surprised if resetting the header can do it. The only way (I > know) to change user and password on the fly is to put them into the URL: > http://myname:mypass@www.server.com/download/... > But how to hide this? Frames won't fool an experienced user, neither a > refresh. And you can't encrypt this part of the URL. > > Sorry, I have no other idea yet than the move/rename approach. If the files > are not really huge and you can't have a folder outside the root I would try > it: for testing name the files like filename.db which prevents delivery by > your Webstar. > > The following assumes you have a folder /download/ which holds your > original .sit files but all with the suffix .db > > 1 - Deliver a faked listing: > [listfiles /download/] > [getchars start=3&from=end][filename].sit[/getchars]
> [/listfiles] > (so the user will never see a .db extension) > Yes, the download must point to a template, not to a file. > 2 - User clicks on a link. > 3 - Create a temporary folder [SessionID] > 4 - Move /download/filename.db to /[SessionID]/filename.temp > 5 - WaitForFile /[SessionID]/filename.temp > 6 - Rename it to /[SessionID]/filename.sit > 7 - Redirect to this file, this starts the download > > Later you will find a chance to remove the SessionID from the user and > delete filename.sit plus the temporary folder. > > We are on Linux now with most servers and I'm not sure if copying large > files is a good idea on newer Mac's. And you might not need the above > temp-sit-renaming on Mac after the copy. On Linux I do, because the file > emerges immediately and [waitforfile] sees it to early. > > Hope, this is worth a try :) > > > Peter > > --- > >> From: Stuart Tremain >> Reply-To: (WebCatalog Talk) >> Date: 04 Aug 2000 10:27:33 >> To: (WebCatalog Talk) >> Subject: Re: Protecting a folder >> >> I'm using [ListFiles] to display what is available. >> >> The files are accessible from a protected template. I basically don't want >> people to access them without going through the template as it logs their >> access etc etc and the visitor would be able to access the folder directly if >> I can't protect it. >> >> Are the ID & pasword passed by the browser in the header, could I reset the >> header to include a generic password to get them into the realm from the >> template? Would this be secure enough? > > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > > Web Archive of this list is at: http://search.smithmicro.com/ > ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. [OT] Password protecting a folder in iTools (WJ Starck 2003)
  2. Re: Protecting a folder (Michael Davis 2000)
  3. Re: Protecting a folder (Stuart Tremain 2000)
  4. Re: Protecting a folder (Peter Ostry 2000)
  5. Re: Protecting a folder (Stuart Tremain 2000)
  6. Re: Protecting a folder (Peter Ostry 2000)
  7. Re: Protecting a folder (Stuart Tremain 2000)
  8. Re: Protecting a folder (Peter Ostry 2000)
  9. Re: Protecting a folder (Stuart Tremain 2000)
  10. Re: Protecting a folder (Peter Ostry 2000)
  11. Protecting a folder (Stuart Tremain 2000)
With large files I wonder if it wouldn't be faster to use [applescript] to create an alias of the file instead of using [copyfile]. Just a thought. I've never actually tried it. Of course if you're on another platform, that won't help you.Mikeon 8/3/00 7:42 PM, Peter Ostry at po@ostry.com wrote:> I would be very surprised if resetting the header can do it. The only way (I > know) to change user and password on the fly is to put them into the URL: > http://myname:mypass@www.server.com/download/... > But how to hide this? Frames won't fool an experienced user, neither a > refresh. And you can't encrypt this part of the URL. > > Sorry, I have no other idea yet than the move/rename approach. If the files > are not really huge and you can't have a folder outside the root I would try > it: for testing name the files like filename.db which prevents delivery by > your Webstar. > > The following assumes you have a folder /download/ which holds your > original .sit files but all with the suffix .db > > 1 - Deliver a faked listing: > [listfiles /download/] > [getchars start=3&from=end][filename].sit[/getchars]
> [/listfiles] > (so the user will never see a .db extension) > Yes, the download must point to a template, not to a file. > 2 - User clicks on a link. > 3 - Create a temporary folder [SessionID] > 4 - Move /download/filename.db to /[SessionID]/filename.temp > 5 - WaitForFile /[SessionID]/filename.temp > 6 - Rename it to /[SessionID]/filename.sit > 7 - Redirect to this file, this starts the download > > Later you will find a chance to remove the SessionID from the user and > delete filename.sit plus the temporary folder. > > We are on Linux now with most servers and I'm not sure if copying large > files is a good idea on newer Mac's. And you might not need the above > temp-sit-renaming on Mac after the copy. On Linux I do, because the file > emerges immediately and [waitforfile] sees it to early. > > Hope, this is worth a try :) > > > Peter > > --- > >> From: Stuart Tremain >> Reply-To: (WebCatalog Talk) >> Date: 04 Aug 2000 10:27:33 >> To: (WebCatalog Talk) >> Subject: Re: Protecting a folder >> >> I'm using [listfiles] to display what is available. >> >> The files are accessible from a protected template. I basically don't want >> people to access them without going through the template as it logs their >> access etc etc and the visitor would be able to access the folder directly if >> I can't protect it. >> >> Are the ID & pasword passed by the browser in the header, could I reset the >> header to include a generic password to get them into the realm from the >> template? Would this be secure enough? > > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > > Web Archive of this list is at: http://search.smithmicro.com/ > ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Michael Davis

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Resume Catalog ? (1997) TCPconnect using SSL. If not WebCat, How? (1999) Problems getting parameters passed into email. (1997) [Shell] question (2000) WebCatalog Q & A pages (1997) Re:Replace command help (1998) test - ignore please (2003) splitting numbers in webDNA? (1997) ListFields and [name] (1997) [cart]= (2004) OT: P3P (was Shop from PDF) (2004) I forgot (1998) [WriteFile] problems (1997) bug in [SendMail] (1997) WebCat & WebTen (1997) [MATH] and Dates (1998) Sorting by date (1997) Summing fields (1997) Stumpted Again (1997) Encrypted links ... (2000)