Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot

Re: file download security

by extremely (Priest)
on Apr 15, 2002 at 15:35 UTC ( #159235=note: print w/replies, xml ) Need Help??

in reply to file download security

I'm boggled by this. Is there some reason why you can't turn on password protection in the webserver? I'm pretty sure they invented that for things like this. There isn't much in the way of gymnastics you can do to fix this.

My best suggestion would be that you let them select which file they want at the same time as they are offered the password login. Then, have the download script check that they have asked for a legitimate file AND that they have entered the password. If they don't give you any post/get data, redirect them to the front page and if they give you bad data show them an error. I think that is the best you are going to do.

And if you really are checking the password in javascript and you dared utter "secure" in the same breath, I'm never speaking to you again. =) =)

$you = new YOU;
honk() if $you->love(perl)

Replies are listed 'Best First'.
Re: Re: file download security
by lonewolf32 (Initiate) on Apr 15, 2002 at 15:54 UTC
    I know - this won't be terribly secure. We are a small "niche" company, few ordinary people would want to download our stuff. I just want to get past the obvious security holes that a casual user would be tempted by.
      Welll, OK. *eyes you suspiciously* =)

      I still don't understand why you don't just turn on some sort of webserver authorization for the directory you place the files in. That would solve your problem with exactly 0 lines of code...

      $you = new YOU;
      honk() if $you->love(perl)

        can you be more specific? The only thing I know how to do on the server is set permissions on files/directories using the NT interface... but like I said if I restrict access to that directory, I can't link to it either.
        could you be more specific? I know how to set up file permissions within NT but like I said before if I restrict a file or directory my calling file can't get to it either.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://159235]
[Eily]: nope, Nodelet Settings doesn't let you move the XP Nodelet, CSS might
[marinersk]: That would mitigate the distraction/jangle issue, but then the information wouldn't be easy to find when it is populated. Plus, I don't currently see a way to move it, but I'm not done poking around on that point yet.
[marinersk]: Ah, you beat me to it.
[LanX]: as long as he has votes left, the nodelet remains

How do I use this? | Other CB clients
Other Users?
Others meditating upon the Monastery: (9)
As of 2017-05-29 14:11 GMT
Find Nodes?
    Voting Booth?