Reading and Writing Files from outside the web structure.In many cases you may have files that you dont want Joe Blow Web User to have access to when they visit your site. If these files are for clients only, you dont want somebody to be able to "hack" your pages an ... In many cases you may have files that you dont want Joe Blow Web User to have access to when they visit your site.
If these files are for clients only, you dont want somebody to be able to "hack" your pages and find out directory or
filename structure.
The only real way to secure these files is to store them outside the web directory.
"Doesn't this defeat the purpose of sharing files over the web", you say?"
Normally it probably would but in this case its the perfect( well almost ) scenario for securing your files.
The method I use for securing files is by using a Component to read the binary file from a directory and then write it back to the web browser.
There is also a link on the Microsoft Knowledge Base about this where I got the idea from. http://support.microsoft.com/support/kb/articles/Q193/9/98.ASP The MEAT of the Article
Ok now I will show you the code on how to do this amazing feat.
<%
'On Error Resume Next
If Not Response.isClientConnected Then
Response.end
End If
Response.buffer = true
'Specify a MIME type such as "text/html", "image/gif" or "application/pdf"
Response.contenttype = "application/msword"
'Useful in cases for unknown file types
'Response.contenttype = "application/octet-stream"
'Custom server component
Set objBinFile = Server.CreateObject("ASPBinFile.clsASPBinFile")
'Beware of cases of file name in case some systems differentiate them
mFile = "c:\inetpub\wwwroot\test\serverop.doc"
mStream = objBinFile.BinFileRead(mFile)
Response.Addheader "Content-Disposition", "inline; filename=" & "ado.pdf"
'Response.Addheader "Content-Disposition", "inline; filename=" & "serverop.doc"
Response.CacheControl = "public"
Response.binarywrite mstream
Set objBinFile = Nothing
Response.End
%>
|
As you can see the code is very small. Now there are a few things I need to point out here, just so everyone understands this.
You need to set your MIME type so that the browser knows what kind of file this is. If you are serving multiple kinds of files I would write a case statement to handle all the MIME types and for the CASE ELSE you can use octet-stream.
Octet-Stream is the catch-all datatype. If you look in your web server's properties under MIME types you will likely see a long list with MIME types and their associated applications. For Octet-Stream you will see all or *. This is because octet-stream is the straight binary and will just let you download or open the file. Kind of like writing it straight to the browser.
mFile is the variable you will need to set the path in. What I would do here is hardcode the main path into your asp page and then just Response.Write your filename into the page.
You will also need to create your instance of the BinaryRead/Write object I have created.
Below I have also included the code for the Component I wrote to handle the Binary Read portion of this article. This is a simple ActiveX Dll. Just open VB and name the Project File - ASPBinFile and the Class File - clsASPBinFile. You should be rocking and good to go after this.
Option Explicit
Function BinFileRead(ByVal inFileSpec As String) As Variant
On Error GoTo errHandler
Dim mHandle
Dim lngFileLen As Long
Dim arrData() As Byte
mHandle = FreeFile
Open inFileSpec For Binary Access Read As #mHandle
lngFileLen = FileLen(inFileSpec)
ReDim arrData(lngFileLen)
Get #mHandle, , arrData
Close #mHandle
BinFileRead = arrData
Exit Function
errHandler:
End Function
|
I have also included a compiled version of the dll and the source project files.
I hope this helps.
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
More ASP Code Articles
More By aspfree  developerWorks - FREE Tools!
|
Hold your calendar on January 30, 2008 for this free webcast on the new i5/OS. Rational's Enterprise Modernization products will be discussed at this webcast as they help to drive the application development environment for this new System i OS. <br />And learn how i5/OS will take you to the next step of efficient, resilient business processing. You will hear about the new i5/OS capabilities as it will be the most significant i5/OS release in years. If you cannot join the webcast on 1/30/08 you can still use this link to listen to the replay.<br />
FREE! Go There Now!
| | | |
Hear how IBM Rational Project and Portfolio Management integrated solutions help teams put the right tools and processes in place to maximize the effectiveness and efficiency of project teams and ensure that the business vision is being executed correctly. Learn how to automate and integrate requirements prioritization, top-down project planning, communications and controls, and methodology deployment to keep your scope, costs, and schedules under control. Tackle with an end-to-end approach the management of scope and scope changes, usage of methodology to control and empower project teams, and optimization of resources to align activity costs with the overall project plan.
FREE! Go There Now!
| | | |
Join us for this on demand webcast to learn about developing complex systems more quickly and efficiently. We'll cover market drivers for developing, governing and reusing systems software assets and how you can develop system software assets with Rational Asset Manager.
FREE! Go There Now!
| | | |
Visit IBM developerWorks to download a free trial of the Rational Host Access Transformation Services (HATS) Toolkit. The HATS toolkit provides a set of plug-ins for the IBM Rational Software Delivery Platform to help you easily extend your legacy applications. HATS makes your 3270 and 5250 applications available as HTML through the most popular Web browsers, while converting your host screens to a Web look and feel and it also enables you to develop new Web, portal, and rich-client applications.
FREE! Go There Now!
| | | |
Learn how Rational Build Forge can extend a simple compile and package build process by adding customization and deployment capability. Go from a manual method to automating: checking for code changes; getting the latest source; compiling and packaging; customizing; copying to and restarting a deployment server; and sending e-mail notification that a new version is available.
FREE! Go There Now!
| | | |
Join this Rational Talks to You teleconference on November 29 at 1:00 pm ET to participate in an interactive discusssion with Grady Booch around architecture and reuse. Get your questions answered!
FREE! Go There Now!
| | | |
Discover how Rational tools and best practices for testing can make your job easier. The new Rational Testing eKits provide you with valuable resources – including demos, webcasts, tutorials, and articles – that help you address your specific testing needs across the software lifecycle. Five new eKits are available covering the topics of Requirements and Test Management, Functional Testing, Performance Testing, Code Quality and Embedded Systems, and SOA and Web Services Testing.
FREE! Go There Now!
| | | |
Learn the basics of the IBM Customer Information Control System (CICS). With a hands-on exercise, learn how to get your first CICS application up and running on your desktop using TXSeries V6.1 for Windows. The tutorial shows you how to download and install a free trial version of TXSeries V6.1.
FREE! Go There Now!
| | | |
Get a free trial download of the latest version of IBM Rational Method Composer V7.2 which helps you deliver customized yet consistent process guidance to your project teams and IT organization, and includes the latest version of IBM Rational Unified Process (RUP), which has provided process guidance to teams since 1996.
FREE! Go There Now!
| | | |
Explore how Rational and WebSphere software enable enterprise documentation in SOA environments. Specifically, a new integration between IBM WebSphere® Business Modeler and IBM Rational® Method Composer software can help technical writers more easily keep enterprise operations manuals in sync with changes that are made to business processes, resulting in more accurate and timely documentation that benefits the entire enterprise.
FREE! Go There Now!
| | | |
All FREE IBM® developerWorks Tools!
|
|
