Loading ...
Sorry, an error occurred while loading the content.
 

Re: Security implemention question

Expand Messages
  • Richard Curtis
    ... Apache ... page ... Sorry for taking so long to reply, but I had email issues . Thanks for this suggestion - it sounds like it will probably be just what
    Message 1 of 5 , Jan 8 3:01 AM
      >Can anyone either point out any major problems with this approach, or
      > >alternatively (preferably), suggest a better alternative ?
      > >In case it makes any difference to peoples ideas/views, I am not using
      Apache
      > >for access control. Users authenticate against a database, then on each
      page
      > >they visit, their user level (taken from the session object) is checked
      > >against the access level required for that page.
      > >
      > Since You already have the users level is the Session object, you can
      > have an asp handle the downloads, like this:
      > - check if the user has the required level.
      > - set $Response->{ContentType} to whatever it is you want
      > - open the (out of the webroot) file and while reading it, output to
      > the client.

      ---

      Sorry for taking so long to reply, but I had email "issues".
      Thanks for this suggestion - it sounds like it will probably be just what I
      need.
      I have one further question though. Is there a list somewhere of all the
      "ContentTypes".
      Eg, if I am sending a word document, or a PDF, what is the content type ?

      Thanks
      Richard


      ---------------------------------------------------------------------
      To unsubscribe, e-mail: asp-unsubscribe@...
      For additional commands, e-mail: asp-help@...
    • Josh Chamas
      ... In your apache distribution, you should have the file mime.types. Here are a couple lines from that file: application/msword doc
      Message 2 of 5 , Jan 9 12:45 AM
        Richard Curtis wrote:
        > >Can anyone either point out any major problems with this approach, or
        > ---
        >
        > Sorry for taking so long to reply, but I had email "issues".
        > Thanks for this suggestion - it sounds like it will probably be just what I
        > need.
        > I have one further question though. Is there a list somewhere of all the
        > "ContentTypes".
        > Eg, if I am sending a word document, or a PDF, what is the content type ?
        >

        In your apache distribution, you should have the file mime.types.
        Here are a couple lines from that file:

        application/msword doc
        application/pdf pdf

        Note, that for some browsers, they are not smart enough to
        know what this mime types tra pdf

        Note, that for some browsers, they are not smart enough to
        know what this mime types translate to, so you should also make sure
        to end the download URL with the document extension, like this:

        /download.asp?file=real_file_name.doc

        Especially for systems that associate extensions with applications,
        this can work pretty well.

        Regards,nslate to, so you should also make sure
        to end the download URL with the document extension, like this:

        /download.asp?file=real_file_name.doc

        Especially for systems that a pdf

        Note, that for some browsers, they are not smart enough to
        know what this mime types translate to, so you should also make sure
        to end the download URL with the document extension, like this:

        /download.asp?file=real_file_name.doc

        Especially for systems that associate extensions with applications,
        this can work pretty well.

        Regards,ssociate extensions with applications,
        this trick can work pretty well.

        Regards,

        Josh

        ________________________________________________________________
        Josh Chamas, Founder phone:925-552-0128
        Chamas Enterprises Inc. http://www.chamas.com
        NodeWorks Link Checking http://www.nodeworks.com


        ---------------------------------------------------------------------
        To unsubscribe, e-mail: asp-unsubscribe@...
        For additional commands, e-mail: asp-help@...
      Your message has been successfully submitted and would be delivered to recipients shortly.