Security :: Download, Upload, And Security?
Jun 10, 2010
im trying to build upload/download website ... a simple website but i have some questions about security .the websites is only for users so basicaly :login/register - > then u can access the website and download or upload + html commentsonce new user register they can create a folder ( Directory.createDirectory ) so the link is like that :www.|website|.com/USERNAMEso is it ok to create user folder in the main web folder (root) ?if its risky .. how can i do it in more appropriate way ?another question is about the comments ... im using ajax html text editor from [URL]
so is it safe or i have to add some lines ?finally , is it good idea to store the comments in xml file ?
im usng C# ... and im using simple codes from everywhere :)
View 4 Replies
Similar Messages:
Sep 9, 2010
I'm working on a website where it should be possible for registered users to upload word documents. The administration of users is done through Membership and Profiles. When the documents have been uploaded, the following needs to be achieved:Non-registered users should not be allowed to download documents I should be able to control which users that has access to which documents I should be able to register which user downloads which documents I should be able to track how many times a document has been downloaded
Can this be achieved be using Membership and Profiles?
View 1 Replies
Dec 17, 2010
I'm working on a website that streams audio files for the user from a directory on the server machine. How do I protect the audio files from users being able to navigate to the folder and just downloading them locally, but still provide them access to stream them? If I set permissions on the folder via IIS, is there a level that I can set so that the server can stream but not allow anonymous access?I'm sure there is a tutorial or other thread about this out there, it's just hard to search for this specific issue. Any help or a simple link to another thread/tutorial
View 3 Replies
Jun 8, 2010
I am completely stuck here. Basically, I am serving a file to the user by sending it using Respnse.BinaryWrite. I am also sending this on a redirected page so as not to destroy the Response stream of the webpage which fired the filedownload. This works perfect on my development machine, it also works perfect on Firefox.However, if I publish to my test server, on IE 8 (and 7 I presume) a security warning bar appears (does not appear in dev mode on my pc), asking the user to accept or decline the file. Now the not-so-funny thing: If the user accepts, the file is NOT served, I just get back to my main webpage. If the user tries a second time to get the file the security question will NOT pop up again and the file is served.How can I make sure the file is served in the first instance if the user accepts the security warning and wants to download?
Code used:
HttpContext.Current.Response.Clear()
HttpContext.Current.Response.AppendHeader("Content-Disposition", String.Format("attachment; filename={0}", Session("FileName")))
HttpContext.Current.Response.AppendHeader("Content-Length", myReportData.Length.ToString())
HttpContext.Current.Response.ContentType = "application/pdf"
HttpContext.Current.Response.BinaryWrite(myReportData.ToArray)
HttpContext.Current.Response.Flush()
HttpContext.Current.Response.End()
View 7 Replies
Sep 16, 2010
I'm running into an issue where in IE the security dialog is popping up and if I click download File the file is never downloaded..it just goes back to the main page.
View 3 Replies
May 25, 2010
we have uploded multiple documents. i want to faclitate free user to download one of file.
If Free User want to download another file then i want to show message "Register now for download this file "
If User will complete the registration from then he can download multiple files.
View 2 Replies
Nov 9, 2010
I'm using paypal to make payments for an online digital download purchase. Once the payment is accepted the person is redirected to a page where they can download the product. I need to know how do I make a page that can only be accessed once via redirect.
View 1 Replies
Dec 24, 2010
https://tolivault.com/groups/123-456-abc-def/media/default.aspx?FolderID=51
login as sampleclient/sampleclient
View 2 Replies
Feb 8, 2011
Is there any website from where i can download the skin files for my logincontrols?
View 2 Replies
Mar 3, 2010
At one point this was working, but somewhere something happened. What I am trying to do is simply download a page from our local site. I keep getting the 401 unauthorized.
I have tried NetworkCredential("user", "password", "domain")
and
CredentialCache cc = new CredentialCache();
cc.Add(new Uri("http://site/"), "Windows", new System.Net.NetworkCredential("user", "password", "domain"));
but that didnt work . We are using Windows authentication with no anonymous access.
Here is what was once working:
WebClient wc = new WebClient();
string FileName = Server.MapPath(\App_Data\rpt.htm);
wc.Credentials = CredentialCache.DefaultCredentials;
wc.DownloadFile("http://site/Report.aspx?OrderNum=7534&Type=inv&BE=1", FileName);
View 1 Replies
Jul 2, 2010
i was just wondering how one would approach creating a link that would be active for 24 hours for a user... ie i have in the db a time of confirmation and then wanted to make a download active for them for 24 hours and deactivate it post then.
View 1 Replies
Feb 15, 2010
i use file upload to upload file a folder. but i need to give write permission to IUSR_MACHINENAME user. Can i achieve this with different user Account Credidental?
View 2 Replies
Jan 24, 2010
I have a database of users that we used to have on a different system. The users already have their username and passwords associated with.
Now we are switching the entire system to .Net , and we will be using the membership to authenticate the users and start creating the new users with the wizard.
My question is : how could we import the users from a different database (mysql) , to the membership database on MS SQL ?
And also the passwords on the mysql database are in clear text , when we import them to the membership database on ms sql , is it going to apply the hash on them ?
View 1 Replies
Dec 16, 2010
In my website I have a page to upload files. It works fine when I run the website on my local machine and also in visual studio in the server. But, I cannot upload files when I access the website through the browser. I have given all the pemissions I know to the upload folder like - ASPNET, Network Service and IUSR. I am using IIS 6. It is a dedicated hosting. I can access all the pages, but only the upload does not upload files to the folder and it goes to the error page (but I don't know what is the error).
View 1 Replies
Jun 2, 2010
i was looking for a solution in which i need to encrypt all file uploaded in my upload controls, so when ever any intruder tries to view the files directly in its destination folder, they can't open it, and the only way they can open the files is by going to the website and downloading it there, of-course after they have log in into the website. i just become curious to change the Attributes of the Destination folder on its Advance Properties to "Encrypt content to secure data", yes indeed the files are encrypted including the newly uploaded files and indeed i can't open them directly in the Destination Folder, but i can't also open them when i try to download them in the website,
View 5 Replies
May 18, 2010
I am trying to create a new user that includes a file upload. I want to write the file name to the database in a table called MemberInfo.
Here is my button code:
[Code]....
View 1 Replies
May 14, 2010
I am wondering what the best strategy is for accepeting http uploaded files on a web server in a safe way? I have access to scanning software which will quarantine suspect files, but not really sure what the best practice is for this kind of thing?This is somewhat of a pest as the form data and the uploaded file form a logical unit - the fact the files must be scanned (pottentially quarantined) means I would need some kind of callback, post upload mechanism for handling this.
Is there a preferred way (or peice of software) for handling thsi kind of thing?Happy to elaborate of anyone wants to comment or assist? I'm aware I can limit file size, file extension etc, so really just concerned about stopping viruses entering the web server and/or network. And I guess to do so in awy that allows me to interact with scanning software such that I get feedback in relatively real time??
View 1 Replies
Jun 14, 2010
I want to limit the allowed uploaded file types to images, pdfs, and docs. What is the recommended way to approach this?
I assume checking the file extension alone is not enough, since an attacked can change the file extension as he wishes.
This is basically for a course management system for students to upload assignments and teachers to download and view them.
View 5 Replies
Apr 6, 2010
I'm doing a project in component management system. I need to block executable files from getting uploaded. Blocking should not be based on the extensions. For example, i've a file named abc.exe i'm going to change the file extension to abc.jpg in this case that abc file should not get updated. Similar to that in gmail file attachment.
View 2 Replies
Feb 28, 2010
I'm doing a project in component management system. I need to block executable files from getting uploaded. Blocking should not be based on the extensions. For example, i've a file named abc.exe i'm going to change the file extension to abc.jpg in this case that abc file should not get updated. Similar to that in gmail file attachment.
View 1 Replies
Jun 16, 2010
I want to limit the allowed uploaded file types to images, pdfs, and docs. What is the recommended way to approach this?I assume checking the file extension alone is not enough, since an attacked can change the file extension as he wishes.I also thought about checking against MIME Type using PostedFile.ContentType.I still don't know if this is adding any further functionality than checking against file extensions alone, and if an attacker have and ability to change this information easily.This is basically for a course management system for students to upload assignments and teachers to download and view them.
View 2 Replies
Jan 6, 2011
Iam using a file upload control for uploading files in my asp.net application. iam using the following code to impersonate the users who do not have permission for the files to upload. The code works fine for all the files, but it is not working for the files which are in desktop.
Code in .cs file:
System.Security.Principal.WindowsImpersonationContext impersonationContext;
impersonationContext =
((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();
//Insert your code that runs under the security context of the authenticating user here.
impersonationContext.Undo();
In web.config iam using the following:
<identity impersonate="true" />
View 3 Replies
Feb 11, 2011
I have to create a utility through which user can able to upload singh or multiple files with the use of asp.net FileUpload Server control.
I am looking for Security concern for the same. What are the points need to keep in our minds which violate security. One main issue is in my mind is related to Viruses - means
How to prompt user for viruses and terminate the upload operation How to scan files for viruses during upload operation There may be several Security risks. discuss the issues/risks with proposed solutions.
View 1 Replies
Jun 2, 2010
in my asp.net application, I am trying to upload email from outlook of my account. I get the error mentioned below.
[System.Web.Services.Protocols.SoapException] = {"The server to which the application is connected cannot impersonate the requested user due to insufficient permission."}
View 1 Replies
Dec 15, 2010
I have to invoke SSIS packages from web service in the most secure way. I think that windows authentication will be secure but i am not sure. I do not have much knowledge about how to achieve this and the information on the internet is very distributed.
View 1 Replies
