Also if your running Windows, you can program IIS to restrict server access to only the IPs of your internal structure.
JB "Leonard Leblanc" <[EMAIL PROTECTED]> on 07/09/2002 12:30:52 PM To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> cc: Subject: Re: Restricting access to documentation Hello Mauri, I came across this same problem a little while ago. I am using Perl w/Apache as a web server but you may be able to use the same technique with asp and whatever your webserver may be. I configured apache to only allow requests to the directory that stores the PDF's from the servers local IP address. This prevented someone from entering the URL into a browser as the webserver won't accept requests from anywhere but the server itself. Then I programmed my perl script to retrieve the file with a HTTP GET request and pipe that back to the user. This works because the script is running on the server so the scripts "ip address" is the same as the server. The script also ensures that the user is logged in and has the correct permissions to view the file. If not, they are simply presented with a login screen. After a quick search on Google I found this site http://www.asp101.com/samples/http.asp which describes how you can perform an HTTP GET with asp. Just click the "View the ASP code" link under the white box that contains some HTML code and you can see how it's done. If you have any other questions feel free to let me know, and for everyone else out there if you can find a reason as to why this isn't secure, please let me know :) Leonard Leblanc ----- Original Message ----- From: "Mauri G�mez" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, July 09, 2002 5:34 AM Subject: Restricting access to documentation > Hi all. I have an intranet website programmed in asp which users log in with > a user and a password stored in a MS-SQL Server table. There I have private > information of my company stored in pdf format, so when people is logged in > can read and get this documentation. Till here all is correct. > The problem I�ve detected is that if anybody outside of the company types > the exact url adress in his browser of any pdf document stored in the > website, they can get the document without being logged in. I would like to > add some kind of permissions to this files, but I think that i cannot do > this in an asp page... > > Any ideas? > > Thanks in advance > > Mauri > > >
