Re: file download security

in reply to file download security

I'm boggled by this. Is there some reason why you can't turn on password protection in the webserver? I'm pretty sure they invented that for things like this. There isn't much in the way of gymnastics you can do to fix this.

My best suggestion would be that you let them select which file they want at the same time as they are offered the password login. Then, have the download script check that they have asked for a legitimate file AND that they have entered the password. If they don't give you any post/get data, redirect them to the front page and if they give you bad data show them an error. I think that is the best you are going to do.

And if you really are checking the password in javascript and you dared utter "secure" in the same breath, I'm never speaking to you again. =) =)

--
$you = new YOU;
honk() if $you->love(perl)

Comment on Re: file download security
Re: Re: file download security by lonewolf32 (Initiate) on Apr 15, 2002 at 15:54 UTC
I know - this won't be terribly secure. We are a small "niche" company, few ordinary people would want to download our stuff. I just want to get past the obvious security holes that a casual user would be tempted by.	[reply]
Re: Re: Re: file download security by extremely (Priest) on Apr 15, 2002 at 16:08 UTC
Welll, OK. eyes you suspiciously =) I still don't understand why you don't just turn on some sort of webserver authorization for the directory you place the files in. That would solve your problem with exactly 0 lines of code... -- $you = new YOU; honk() if $you->love(perl)	[reply]
Re: Re: Re: Re: file download security by lonewolf32 (Initiate) on Apr 15, 2002 at 16:53 UTC
can you be more specific? The only thing I know how to do on the server is set permissions on files/directories using the NT interface... but like I said if I restrict access to that directory, I can't link to it either.	[reply]
Re: Re: Re: Re: Re: file download security by swiftone (Curate) on Apr 15, 2002 at 19:10 UTC
Re: Re: Re: Re: Re: Re: file download security by jerrygarciuh (Curate) on Apr 15, 2002 at 19:42 UTC
Some notes below your chosen depth have not been shown here
Re: Re: Re: Re: file download security by lonewolf32 (Initiate) on Apr 15, 2002 at 17:11 UTC
could you be more specific? I know how to set up file permissions within NT but like I said before if I restrict a file or directory my calling file can't get to it either.	[reply]


P is for Practical
	PerlMonks

Re: file download security

The best material for plates (tableware) is: