Re: Protecting a folder

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 35721
interpreted = N
texte = With large files I wonder if it wouldn't be faster to use [applescript] to create an alias of the file instead of using [copyfile]. Just a thought. I've never actually tried it. Of course if you're on another platform, that won't help you.Mikeon 8/3/00 7:42 PM, Peter Ostry at po@ostry.com wrote:> I would be very surprised if resetting the header can do it. The only way (I > know) to change user and password on the fly is to put them into the URL: > http://myname:mypass@www.server.com/download/... > But how to hide this? Frames won't fool an experienced user, neither a > refresh. And you can't encrypt this part of the URL. > > Sorry, I have no other idea yet than the move/rename approach. If the files > are not really huge and you can't have a folder outside the root I would try > it: for testing name the files like filename.db which prevents delivery by > your Webstar. > > The following assumes you have a folder /download/ which holds your > original .sit files but all with the suffix .db > > 1 - Deliver a faked listing: > [listfiles /download/] > [getchars start=3&from=end][filename].sit[/getchars]
> [/listfiles] > (so the user will never see a .db extension) > Yes, the download must point to a template, not to a file. > 2 - User clicks on a link. > 3 - Create a temporary folder [SessionID] > 4 - Move /download/filename.db to /[SessionID]/filename.temp > 5 - WaitForFile /[SessionID]/filename.temp > 6 - Rename it to /[SessionID]/filename.sit > 7 - Redirect to this file, this starts the download > > Later you will find a chance to remove the SessionID from the user and > delete filename.sit plus the temporary folder. > > We are on Linux now with most servers and I'm not sure if copying large > files is a good idea on newer Mac's. And you might not need the above > temp-sit-renaming on Mac after the copy. On Linux I do, because the file > emerges immediately and [waitforfile] sees it to early. > > Hope, this is worth a try :) > > > Peter > > --- > >> From: Stuart Tremain >> Reply-To: (WebCatalog Talk) >> Date: 04 Aug 2000 10:27:33 >> To: (WebCatalog Talk) >> Subject: Re: Protecting a folder >> >> I'm using [ListFiles] to display what is available. >> >> The files are accessible from a protected template. I basically don't want >> people to access them without going through the template as it logs their >> access etc etc and the visitor would be able to access the folder directly if >> I can't protect it. >> >> Are the ID & pasword passed by the browser in the header, could I reset the >> header to include a generic password to get them into the realm from the >> template? Would this be secure enough? > > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > > Web Archive of this list is at: http://search.smithmicro.com/ > ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. [OT] Password protecting a folder in iTools (WJ Starck 2003)
  2. Re: Protecting a folder (Michael Davis 2000)
  3. Re: Protecting a folder (Stuart Tremain 2000)
  4. Re: Protecting a folder (Peter Ostry 2000)
  5. Re: Protecting a folder (Stuart Tremain 2000)
  6. Re: Protecting a folder (Peter Ostry 2000)
  7. Re: Protecting a folder (Stuart Tremain 2000)
  8. Re: Protecting a folder (Peter Ostry 2000)
  9. Re: Protecting a folder (Stuart Tremain 2000)
  10. Re: Protecting a folder (Peter Ostry 2000)
  11. Protecting a folder (Stuart Tremain 2000)
With large files I wonder if it wouldn't be faster to use [applescript] to create an alias of the file instead of using [copyfile]. Just a thought. I've never actually tried it. Of course if you're on another platform, that won't help you.Mikeon 8/3/00 7:42 PM, Peter Ostry at po@ostry.com wrote:> I would be very surprised if resetting the header can do it. The only way (I > know) to change user and password on the fly is to put them into the URL: > http://myname:mypass@www.server.com/download/... > But how to hide this? Frames won't fool an experienced user, neither a > refresh. And you can't encrypt this part of the URL. > > Sorry, I have no other idea yet than the move/rename approach. If the files > are not really huge and you can't have a folder outside the root I would try > it: for testing name the files like filename.db which prevents delivery by > your Webstar. > > The following assumes you have a folder /download/ which holds your > original .sit files but all with the suffix .db > > 1 - Deliver a faked listing: > [listfiles /download/] > [getchars start=3&from=end][filename].sit[/getchars]
> [/listfiles] > (so the user will never see a .db extension) > Yes, the download must point to a template, not to a file. > 2 - User clicks on a link. > 3 - Create a temporary folder [SessionID] > 4 - Move /download/filename.db to /[SessionID]/filename.temp > 5 - WaitForFile /[SessionID]/filename.temp > 6 - Rename it to /[SessionID]/filename.sit > 7 - Redirect to this file, this starts the download > > Later you will find a chance to remove the SessionID from the user and > delete filename.sit plus the temporary folder. > > We are on Linux now with most servers and I'm not sure if copying large > files is a good idea on newer Mac's. And you might not need the above > temp-sit-renaming on Mac after the copy. On Linux I do, because the file > emerges immediately and [waitforfile] sees it to early. > > Hope, this is worth a try :) > > > Peter > > --- > >> From: Stuart Tremain >> Reply-To: (WebCatalog Talk) >> Date: 04 Aug 2000 10:27:33 >> To: (WebCatalog Talk) >> Subject: Re: Protecting a folder >> >> I'm using [listfiles] to display what is available. >> >> The files are accessible from a protected template. I basically don't want >> people to access them without going through the template as it logs their >> access etc etc and the visitor would be able to access the folder directly if >> I can't protect it. >> >> Are the ID & pasword passed by the browser in the header, could I reset the >> header to include a generic password to get them into the realm from the >> template? Would this be secure enough? > > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > > Web Archive of this list is at: http://search.smithmicro.com/ > ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Michael Davis

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

emailer setup (1997) WebCatalog-NT?'s (1996) WC2b15 File Corruption (1997) no global [username] or [password] displayed ... (1997) taxrate (1999) WebCat2 - [SendNews] (1997) Large sites (2003) Embedded [Search] Context Snippets (Very Useful) (1998) Generating Report Totals (1997) Pithy questions on webcommerce & siteedit (1997) Freeze (2003) Eudora plug-in (1998) Error handling for accountNum (1997) Problems getting parameters passed into email. (1997) Cookies (1999) showif with math? (2000) problems with 2 tags (1997) Ok here is a question? (1997) Handy Browser Counter Tip (1997) OK, here goes... (1997)