[thelist] Hiding file location
deke
web at master.gen.in.us
Fri Sep 7 14:41:49 CDT 2001
On 7 Sep 2001, at 14:23, Herrick, Emma posted a message which said:
> Does anyone know if it's possible to hide the location of a file being
> downloaded? That is, if user can download .pdf files from a folder on the
> server (hosted W2K/ASP) can you hide where they're downloading it from so
> they couldn't snoop for other .pdf files they're not supposed to be able to
> download?
I've never played with ASP, but it shouldn't be any different than using
a CGI application with a standard web server like Apache.
The application simply reads the URL to decide what file needs to be
sent, writes the appropriate Content-type header, sends a blank line
(that is, the Content-type header ends with double newline) and then
reads the PDF file from a directory not in the HTDOCs tree and
writes it to STDOUT (the screen).
You can use this technique when you are selling content, as a piracy
control measure.
Give the user a URL that has the encrypted date in it; that way, if the
user posts the URL to a newsgroup, it is going to expire after 2 days and
the amount of piracy will be limited. Or you can encode a serial number
in the URL and give the customer a maximum of 3 tries to download the
PDF; if he screws it up, he has to write you and ask for another URL.
deke
------------------------
"The church is near but the road is icy;
the bar is far away but I will walk carefully."
-- Russian Proverb
More information about the thelist
mailing list