[thelist] Hiding file location

deke web at master.gen.in.us
Fri Sep 7 14:41:49 CDT 2001

On 7 Sep 2001, at 14:23, Herrick, Emma posted a message which said:

> Does anyone know if it's possible to hide the location of a file being
> downloaded? That is, if user can download .pdf files from a folder on the
> server (hosted W2K/ASP) can you hide where they're downloading it from so
> they couldn't snoop for other .pdf files they're not supposed to be able to
> download?

I've never played with ASP, but it shouldn't be any different than using
a CGI application with a standard web server like Apache. 

The application simply reads the URL to decide what file needs to be
sent, writes the appropriate Content-type header, sends a blank line
(that is, the Content-type header ends with double newline) and then
reads the PDF file from a directory not in the HTDOCs tree and
writes it to STDOUT (the screen).

You can use this technique when you are selling content, as a piracy
control measure.

Give the user a URL that has the encrypted date in it; that way, if the 
user posts the URL to a newsgroup, it is going to expire after 2 days and
the amount of piracy will be limited. Or you can encode a serial number
in the URL and give the customer a maximum of 3 tries to download the
PDF; if he screws it up, he has to write you and ask for another URL.


 "The church is near but the road is icy; 
  the bar is far away but I will walk carefully." 
                            -- Russian Proverb

More information about the thelist mailing list