Securing uploaded documents
in [ASP]
|
Prev: How to send email with no outlook and SMTP server ?
Next: Help Sending eMail To receiving@internal.mycompany.com
From: Dan on 14 May 2010 05:29 "Bwig Zomberi" <zomberiMAPSONNOSPAM(a)gmail.com> wrote in message news:hshdse$ufq$2(a)speranza.aioe.org... > Dan wrote: >> >> "Bwig Zomberi" <zomberiMAPSONNOSPAM(a)gmail.com> wrote in message >> news:hsgrhk$1qi$1(a)speranza.aioe.org... >>> Dooza wrote: >>>> On 13/05/2010 13:00, Bwig Zomberi wrote: >>>>> Dan wrote: >>>>>> >>>>>> "Bwig Zomberi" <zomberiMAPSONNOSPAM(a)gmail.com> wrote in message >>>>>> news:hsgc15$adl$1(a)speranza.aioe.org... >>>>>>> Dan wrote: >>>>>>>> >>>>>>>> "Dean g" <big_deanus(a)hotmail.com> wrote in message >>>>>>>> news:uHBn3u26KHA.1888(a)TK2MSFTNGP05.phx.gbl... >>>>>>>>> >>>>>>>>> Thanks for the help Bwig >>>>>>>> >>>>>>>> Just a note though - if the file is large, you may have to send >>>>>>>> it out >>>>>>>> in chunks instead of all in one go. If you Google for "ado stream >>>>>>>> binarywrite" you'll find plenty of examples of how to do this in >>>>>>>> ASP. >>>>>>>> >>>>>>> >>>>>>> Dan, I wanted to implement something like this. However, for very >>>>>>> large file downloads and slow user connections, the script will have >>>>>>> to be running for a long time. IIS will kill any request after some >>>>>>> time. Do you or anyone else know how to avoid that? >>>>>> >>>>>> Look at documentation for the Server.ScriptTimeout property :) >>>>>> >>>>> >>>>> No, Dan. There is a limit for that too. Imagine a 700 MB ISO file and >>>>> the user is on dialup. It will take several hours. IIS will kill the >>>>> request. >>>> >>>> Surely a protocol designed for larger files would be more appropriate? >>>> Like FTP maybe? >>>> >>> >>> FTP sends passwords unencrypted. SFTP is not available on all hosting >>> servers. >> >> Either use anonymous FTP (if the files were going on an web site without >> authentication), or use a custom FTP system with a short term unique ID >> in the filename request to authenticate against an existing request via >> the authenticated web application. Or come up with some other custom >> authentication scheme. >> >> Hosting large files on a standard public hosting package is obviously >> not an appropriate use of said hosting. In many cases it'll likely be a >> violation of the hosting T&C anyway. If you have a VPS or dedicated >> server then you have a lot more flexibility and should be able to set up >> SFTP, FTP+SSL, or any of a number of options for hardening FTP (or any >> other application/protocol designed for handling large files). >> >> If you're going to pick holes in every suggestion provided we're going >> to be here indefinitely :P >> > > I just needed a second opinion that I have done everything that can be > done with a script. I am not picking holes. I had already tried everything > you had suggested when I was faced with same problem as the OP. I provided > the solution to the OP based on that experience. > > The files I handle are less than 70 MB and they are on a shared hosting > server. However, I did not go for the ASP download solution because of > slow downloaders. Currently, http folder passwords are used. This is also > unsatisfactory, credentials are sent as plain text. > For the latter issue, you will either need to look into SSL (which is often difficult with shared hosting as it requires a dedicated IP address for the site, or a SAN certificate covering all required virtual servers on a single IP), or NTLM/Integrated Authentication (which IIRC doesn't work if there are proxy servers involved between the browser and server). -- Dan
From: Dean g on 17 May 2010 14:55 Hey guys, I have a new problem hopefully you can help with. Do you know how to detect the mime type of the file on the server? some of my pdf files aren't getting recognized as pdf's and filling the page with garbage. i Think i need to determine the appropriate MIME type from binary data, but don't really have a clue where to start. *** Sent via Developersdex http://www.developersdex.com ***
From: Bwig Zomberi on 18 May 2010 00:35 Dean g wrote: > Hey guys, > I have a new problem hopefully you can help with. Do you know > how to detect the mime type of the file on the server? some of > my pdf files aren't getting recognized as pdf's and filling > the page with garbage. > > i Think i need to determine the appropriate MIME type from > binary data, but don't really have a clue where to start. Check the extension of the file. If it is "PDF" or "pdf", then set the mime type to "application/pdf". Response.ContentType = "application/pdf" A list of popular mime types: http://msdn.microsoft.com/en-us/library/ms775147(VS.85).aspx#Known_MimeTypes For unknown mime types, I think you need to use "application/octet-stream" -- Bwig Zomberi
From: Dan on 18 May 2010 05:18 "Bwig Zomberi" <zomberiMAPSONNOSPAM(a)gmail.com> wrote in message news:hst5av$9sq$1(a)speranza.aioe.org... > Dean g wrote: >> Hey guys, >> I have a new problem hopefully you can help with. Do you know >> how to detect the mime type of the file on the server? some of >> my pdf files aren't getting recognized as pdf's and filling >> the page with garbage. >> >> i Think i need to determine the appropriate MIME type from >> binary data, but don't really have a clue where to start. > > > Check the extension of the file. If it is "PDF" or "pdf", then set the > mime type to "application/pdf". > > Response.ContentType = "application/pdf" > > A list of popular mime types: > http://msdn.microsoft.com/en-us/library/ms775147(VS.85).aspx#Known_MimeTypes > > For unknown mime types, I think you need to use "application/octet-stream" This is probably the best solution. IE7 and higher do have "MIME sniffing" too which will attempt to determine the real MIME type from the file header, but this seems to fail from time to time. -- Dan
From: Dean g on 18 May 2010 07:44
I already check the ext bwig, the problem is they are not necessarily genuine pdf's. I've been searching for mime sniffing code like u suggested Dan, but so far can only find resources for .net *** Sent via Developersdex http://www.developersdex.com *** |