Protect a folder

D

daddyc

Perch
I have seen a post like this here before, but have a slightly different question for Jodohost.

My site has a folder of datafiles that I stream to the browser using ASP.NET server-side code when required. The users should not be able to access these files directly. The only method of access should be clicking a button which fires off the streaming to the browser.

Having browsed the web and read numerous discussions on this topic, it seems the best way to do this is to place the files in a folder inaccessible to the user. For example, if my site was located in c:\wwwroot\mysite I could place the files in d:\datafiles where they could never be accessed directly from the web. The server would still have access to that folder though so I could still stream them from ASP.NET code.

So is there a way I can set this sort of thing up on Jodohost? Is there a way to make a folder that cannot be accessed from the web?

Obviously if I make the folder a sub-folder in my main site area, it can be accessed from the web (as long as the user knew the filename).

What about if I created a folder my main account root area (the one that contains the mysite.com folder). Would that work?
 
Yes that will work. Also soon when we upgrade to WebShell 4, it will be possible to password protect directories.
 
I used this technique and it works fine. So go ahead and try it. The only thing you need to think about... is how you are streaming files out. If you are using for example ADODB.Stream (what I did), remember to have files small, or you will need to "split" them. If you'll try to stream out with ADODB.Stream a big file, let's say 50Mb, it WHOLE will be loaded into server's memory and will stay until user finishes his download. This is not good. So you can split the files to smaller chunks (1-2Mbs) in script (just read few bytes and pull them out, read and pull, etc.). Of course not an issue with small files as I said :)
 
Thanks atulkumar. I'll give it a try.

StPatrick...the files will only be 50-150K so it shouldn't be a problem. Thanks for the advice though. Also while I've got you, do you have a good method of deleting a file once it's been successfully streamed? I have PDF files I generate as required from my database. I store them in a temp folder and then stream them to the browser. I assume once I give the command to stream the file to the browser, processing of my script will stop? So if I put a delete command on the next line, it won't get run? Or maybe delete before the file has been streamed?

I would like to avoid having to empty the temp folder every day to make sure I don't use too much disk space.
 
Thanks StPatrick.

The files aren't actually stored in the database. I build a file using data in the database (eg. invoices look at the invoicing table and build a PDF file detailing each record).

But I think the same sort of method might still work. I'll give it a try.
 
An alternate way of streaming using .NET:

outputImageViaHTTP(ImageURL, Response)

Sub outputImageViaHTTP(absolutePath as String, ResponseObj As HttpResponse)

Dim oFileStream as FileStream
Dim lFileSize, lStartpos as Long

oFileStream = new FileStream(absolutePath, FileMode.Open, FileAccess.Read)
lFileSize = oFileStream.Length

Dim bBuffer() as Byte

ReDim bBuffer(lFileSize)

oFileStream.Read(bBuffer, 0, lFileSize)
oFileStream.Close()

ResponseObj.ClearContent()
ResponseObj.ContentType = "image/" & lcase(GetFileExtension(absolutePath))

ResponseObj.BinaryWrite(bBuffer)
oFileStream.Close()
ResponseObj.End()
End Sub
Click to expand...

Ofcourse u still have to keep in mind that the file is first being loaded into the memory and we wouldn't wanna load too much at a time.

ASP.NET also has good output catching features if you might need to stream the same file at a later time.

Neways..that said, I am curious daddyc how are you generating your pdf file in ASP.NET?
 
You must log in or register to reply here.
Back
Top