[thelist] security on the server

[Peter Kaulback]

In the wee hour of 03:10 PM 7/12/01 -0400, Warden, Matt bequeathed such 
tales as these:
>User:
>-Logs in.
>-Clicks a File.
>-File downloads and could automatically open in the default viewer (like
>Acrobat's PDF Viewer) for that content type.
>-optionally enters his/her key to decrypt the file
>
>Developer:
>Quite simple. Just write a script that queries the database for all files
>located on that server owned by the logged in user. The files will be below
>the site root and stored in the database as an absolute physical path (like
>D:\SecuredContent\joesfile.pdf). The script would read that pdf into a
>variable, set the HTTP header Content-Type to the appropriate string for
>PDFs, and send that variable's contents to the browser (optionally over a
>SSL connection).

Matt, would one have to design the entire site in ASP or could one just 
embed the ASP script into the html? I've not done entire pages in ASP but I 
have to explore server sides and there's no time like the present.  What 
you describe is exactly what's required and PGP is definitely overkill at 
this juncture.
Peter Kaulback