[thelist] Hiding file location

Wade Armstrong wade at runstrong.com
Fri Sep 7 16:30:04 CDT 2001


I missed the beginning of this thread, but I think I might be able to help.

An easier way to do this is to put the files in a folder that "everyone"
can't read at all, but IUSR_MACHINENAME can read from. Your ASP scripts all
run under IUSR_MACHINENAME, so they'll be able to access the file, but a
person trying to get directly to the file by typing the URL into their
browser will get an error 403 Forbidden.

You can give authenticated users access to the documents by doing a
Server.Transfer to the document's location once they've logged in.

I have some code for this if you need it.


on 9/7/01 12:00 PM, Herrick, Emma at eherric at ju.edu wrote:

> Thanks Anthony.
> Directory browsing is off, I just didn't want people to even be able to
> guess the name of another file and download.
> On looking through a PHP Q/A a few minutes ago someone suggested
> authenticating the user, then creating a new, randomly-named folder, copying
> the file they're allowed to access to it from a secure folder with the
> fileobject system, and then deleting the folder at some future point.
> What do you think of that method?
> Emma

More information about the thelist mailing list