|
Home > Archive > IIS Server Security > February 2004 > Securing executables on the Web
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Securing executables on the Web
|
|
| Amanda 2004-02-20, 8:35 am |
| I maintain a web site in which users must log into to
recieve the information provided. There are literally
hundreds of downloads available on the site and I need to
secure them. User's cannot get to the Web page that these
executables are displayed on without logging in; however,
if a user knew the path and name of the executable he
would be able to download it.
Is there a way to secure these executables to allow only
authenicated users of the site to download them.
Any help would be greatly appreciated.
| |
| Tom Kaminski [MVP] 2004-02-20, 8:35 am |
| "Amanda" <anonymous@discussions.microsoft.com> wrote in message
news:1380001c3f7f8$afc502a0$a301280a@phx
.gbl...
> I maintain a web site in which users must log into to
> recieve the information provided. There are literally
> hundreds of downloads available on the site and I need to
> secure them. User's cannot get to the Web page that these
> executables are displayed on without logging in; however,
> if a user knew the path and name of the executable he
> would be able to download it.
>
> Is there a way to secure these executables to allow only
> authenicated users of the site to download them.
>
> Any help would be greatly appreciated.
Place the files outside wwwroot and use ADODB.Stream and
Response.BinaryWrite on an ASP to "stream" them to an authenticated user:
http://support.microsoft.com/?kbid=276488
This might help with your authentication:
http://www.aspfaq.com/show.asp?id=2114
--
Tom Kaminski IIS MVP
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://mvp.support.microsoft.com/
http://www.microsoft.com/windowsser...ty/centers/iis/
|
|
|
|
|