RE: Securing file access

["Booth, Simon" <simonbooth () kpmg co im>]

Take a look at aspSmartUpload (http://www.aspsmart.com), this also offers
downloading with which you can specify a path outside the webroot.

Simon

-----Original Message-----
From: Saphyr [mailto:saphyr () infomaniak ch] 
Sent: 28 September 2004 07:15
To: webappsec () securityfocus com
Subject: Re: Securing file access

> guess a file name to download).  In order to access the files, the 
> database would link a file to a unique id, so a page that validates 
> the user would then give access to the file stored outside of the www 
> on the server.  Now, this is where the real question lies.  How is 
> this possible since the files are not in a www accessible path, since a
mere link to a file won't due.
> Any thoughts would be welcome.

Hi there.

According to your files sizes, could you consider using binary fields in
your database ?

.antoine




------------oOoo---Ôô----ooOo---------------------------
Antonio FONTES    (well, me, actually)
http://www.nxtg.net/saphyr/  (tout et rien en français)
http://www.nxtg.net/is/ (blog - développeur web)
E-mail: prenom.nom () mondomaine net
-------------------------------------------------------------



***************************************************************************************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized.

If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing client engagement letter.
*****************************************************************************************