Re: Secure Folders
From: Armando (dijital_at_shaw.ca)
Date: 04/21/04
- Next message: Bob Barrows [MVP]: "Re: Error with reponse.write"
- Previous message: CD: "Error with reponse.write"
- In reply to: Rob Meade: "Re: Secure Folders"
- Next in thread: Roland Hall: "Re: Secure Folders"
- Reply: Roland Hall: "Re: Secure Folders"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 21 Apr 2004 16:23:35 -0500
Hi Rob,
Actually yes each page on my site has a SSI on each asp page setup to check
for a valid session variable and if it is zero-length or null it redirects
them to the login page. Simple enough to setup, all of 5 minutes of work.
As for *why* I want to deny access to images, the images are of my family -
most specifically, my 2 month old baby daughter. I (and more importantly -
my wife) don't just want *anyone* being able to access them. They are on the
web for friends and family only who are each using an assigned username and
password, however using direct URL entry in a browser, the actual pictures
and videos themselves are still accessible. I know they are still somewhat
safe because of the fact that no one really knows my directory structure but
it's still the fact that they are open to just anyone which I would like to
prevent completely if at all possible.
My website is also designed to database track (date, time, IP, username)
every single viewing/download of ANY of the image/video files, but only
through the webpage itself, otherwise I'd have to look in the IIS logs. I
will keep searching for an answer, but thanks for your help nonetheless!
Armando
"Rob Meade" <robb.meade@NO-SPAM.kingswoodweb.net> wrote in message
news:5Dzhc.267$Qz1.2895083@news-text.cableinet.net...
> "Armando" wrote ...
>
> > In this website there is a subfolder containing files which I do not
want
> to be publicly
> > accessible by using direct URL entry (ie;
> > http://www.mydomain.com/mywebsite/myprivatefiles/myfile.doc).
>
> If I have understood your question correctly you want to prevent a
> non-authenticated user from seeing specific webpages and their content.
>
> Sounds like you have the first part of this in place - your login screen,
> and you're setting a session variable - great - erm - are you then not
> checking this on each page you want secured?
>
> From what you have now I would have thought it would have been easiest to
> create a simple 'session-check' function.
>
> If the user is authenticated - ie, a session variable exists -
marvellous -
> do nothing - the page appears..
>
> If the user is not authenticated - ie a session variable does not exist -
> redirect them back to the login page - display an error telling them they
> have no access to this.
>
> This gets around the 'pages' issue...
>
> With regards to preventing them accessing an image directly - slightly
> different, cant really think of a case of hand where *I* would ever want
> this, but assuming you have a user that is at once point allowed to visit,
> for some reason decides to take the URL of an image in the secure area,
and
> then after having their access revoked can then simply paste that into a
> browser and see the image - thats where you'd need to consider the NTFS
> permissions as far as I see it...
>
> Hope this is of help
>
> Regards
>
> Rob
>
>
- Next message: Bob Barrows [MVP]: "Re: Error with reponse.write"
- Previous message: CD: "Error with reponse.write"
- In reply to: Rob Meade: "Re: Secure Folders"
- Next in thread: Roland Hall: "Re: Secure Folders"
- Reply: Roland Hall: "Re: Secure Folders"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
