-
Senior Member
- Rep Power
- 223
- Reputation
- 171
IIS ... preventing file download
Hi guys
I have a little project and I need some advice to protect a file.
I have a plain text file containing user logons and passwords. I am using ASP to read/write to the file (ie. when users need to change their password).
The file is in a separate folder from the main files but I've tested it tonight and it's possible to simply type in the direct URL and the txt file will be downloaded to your browser.
If I change the file/folder permissions for IUSR, then the ASP code fails as there are no permissions to write the file. I need to allow IUSR as I need to upload files to the folder.
Is it possible to prevent a file being downloaded, but still have write permissions?
Cheers
AussieM8
PS - I know there are other more secure options, but I want to stick with IIS and ASP/Javascript programming for the time being.
Last edited by AussieM8; 27-02-11 at 08:42 AM.
-
what about password protect the folder or file
Not an asp/IIS person,.. but shouldn't you be keeping these sorts of files outside the bounderies of what your website delivers by direct http requests ? Aim being to only manipulate the file via the code present in your active pages ?
In Apache you can configure it to specifically prevent delivering file(s), (often used for .htaccess and .htpasswd files), maybe IIS can do the same ?
Jim.....
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
Bookmarks