Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    Senior Coder
    Join Date
    May 2004
    Posts
    1,466
    Thanks
    15
    Thanked 0 Times in 0 Posts

    security in passowrd proteced site and files

    If i want to write a program where a user that needs to login can upload and download files (pdf's,word) but security is important ---
    meaning i want the admin to be able to download the word or pdf but no user (without usernames and password to log into the program) to be able to find it by trying to type it's name under the domain.

    I am planning to do this in asp & sqlserver as this way admins all over can access the files but I want all the info to be secure.
    How can I do the thing with uploading and downloading files and what other security measures do I need to take?
    There is not credit card info but personal info -- would there be any reason to purchase an ssl certificate?
    What else can I do to keep it secure?

  • #2
    Senior Coder Spudhead's Avatar
    Join Date
    Jun 2002
    Location
    London, UK
    Posts
    1,856
    Thanks
    8
    Thanked 110 Times in 109 Posts
    By default, upload files to a directory outside your wwwroot. Password-protect the directory.
    Rename files as they are uploaded.
    Keep their names in a password-protected database server.
    Use a server-side component to manage file downloads, rather than creating a direct link to files.

    The database is still the weakest link - it usually is - but if you're using a SQL Server database then there's a lot you can do to secure it, virtually and physically. And there should be no way then to get a list of files.

  • #3
    Senior Coder
    Join Date
    May 2004
    Posts
    1,466
    Thanks
    15
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Spudhead
    By default, upload files to a directory outside your wwwroot. Password-protect the directory.
    Rename files as they are uploaded.
    Keep their names in a password-protected database server.
    Use a server-side component to manage file downloads, rather than creating a direct link to files.

    The database is still the weakest link - it usually is - but if you're using a SQL Server database then there's a lot you can do to secure it, virtually and physically. And there should be no way then to get a list of files.

    how do i password protect the directory? what kind of server side componenet for downloading.. can i do the uploading with aspupload -- is that secure.

    What would you do to secure the sql server db?


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •