Go Back   CodingForums.com > :: Server side development > ASP
Reload this Page security in passowrd proteced site and files

Before you post, read our: Rules & Posting Guidelines

Reply
 
Thread Tools Rate Thread
Enjoy an ad free experience by logging in. Not a member yet? Register.
Old 09-19-2005, 09:50 AM   PM User | #1
esthera
Senior Coder

 
Join Date: May 2004
Posts: 1,430
Thanks: 14
Thanked 0 Times in 0 Posts
esthera can only hope to improve
security in passowrd proteced site and files
If i want to write a program where a user that needs to login can upload and download files (pdf's,word) but security is important ---
meaning i want the admin to be able to download the word or pdf but no user (without usernames and password to log into the program) to be able to find it by trying to type it's name under the domain.

I am planning to do this in asp & sqlserver as this way admins all over can access the files but I want all the info to be secure.
How can I do the thing with uploading and downloading files and what other security measures do I need to take?
There is not credit card info but personal info -- would there be any reason to purchase an ssl certificate?
What else can I do to keep it secure?
esthera is offline   Reply With Quote
Old 09-19-2005, 02:38 PM   PM User | #2
Spudhead
Senior Coder

 
Spudhead's Avatar
 
Join Date: Jun 2002
Location: London, UK
Posts: 1,856
Thanks: 8
Thanked 110 Times in 109 Posts
Spudhead is on a distinguished road
By default, upload files to a directory outside your wwwroot. Password-protect the directory.
Rename files as they are uploaded.
Keep their names in a password-protected database server.
Use a server-side component to manage file downloads, rather than creating a direct link to files.

The database is still the weakest link - it usually is - but if you're using a SQL Server database then there's a lot you can do to secure it, virtually and physically. And there should be no way then to get a list of files.
Spudhead is offline   Reply With Quote
Old 09-19-2005, 02:44 PM   PM User | #3
esthera
Senior Coder

 
Join Date: May 2004
Posts: 1,430
Thanks: 14
Thanked 0 Times in 0 Posts
esthera can only hope to improve
Quote:
Originally Posted by Spudhead
By default, upload files to a directory outside your wwwroot. Password-protect the directory.
Rename files as they are uploaded.
Keep their names in a password-protected database server.
Use a server-side component to manage file downloads, rather than creating a direct link to files.

The database is still the weakest link - it usually is - but if you're using a SQL Server database then there's a lot you can do to secure it, virtually and physically. And there should be no way then to get a list of files.

how do i password protect the directory? what kind of server side componenet for downloading.. can i do the uploading with aspupload -- is that secure.

What would you do to secure the sql server db?
esthera is offline   Reply With Quote
Reply

Bookmarks

Jump To Top of Thread


« Previous Thread | Next Thread »
Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +1. The time now is 12:00 PM.
Advertisement
Log in to turn off these ads.