|
|
 |
Re: FN-FORUM: Paid for file downloads / streaming
date posted 1st December 2003 15:52
nope, in the url window all they'll see is the .asp file - they'd have
to guess the directory to find the file. you could also add a couple of
honeypot directories to catch the IP addresses of anyone looking to
leech as well.
if you use the stream method, you can place the file outside of the
webroot, however it loads the file into memory so you need a beefy
machine if theres lots of large files.
and as i said earlier, if needs be you could always create a virtual
directory on the fly, that way theres no way of accessing the files over
the web unless they've logged in whereupon a virtual directory is
generated based on their session ID which points to the folder with the
video files.
and amanda owen has just mentioned the web.config file, i havent had
time to du much with .net, but that might be the trick?
Andy Macnaughton-Jones wrote:
>Does that not still mean that the user can actually see the file, the
>response.redirect would cause the browser to re-request. I suppose using
>server.transfer would be ok but again I want to make it so that it's not
>possible to link to the file because one of the reasons we're having to
>go down this route is people leaching the files.
>
>
>Andy
>IWD2 LLP
[EMAIL REMOVED]
>
>-----Original Message-----
>From: David Eckersall [EMAIL REMOVED]
>Sent: 01 December 2003 15:19
>To: Andy Macnaughton-Jones
>Subject: Re: FN-FORUM: Paid for file downloads / streaming
>
>
>yup, you supply it a valid URL, however using the response.redirect in
>the asp means its location is 'cloaked' and you can do any security
>testing before passing it over.
>
>its also something i use to replace frames where you need to keep doing
>a check (say for new webmail) for something, have javascript refresh an
>image tag with an asp URL, every time its called it checks for mail and
>supplies the appropriate image...
>
>Nick Grimshaw wrote:
>
>
>
>>David Eckersall:
>>
>>
>>
>>
>>>well you can do one of two things, have the download page be an asp or
>>>
>>>
>
>
>
>>>aspx page with the content-type set as the video format and just
>>>response.redirect to the video:
>>>(snip code)
>>>
>>>
>>>
>>>
>>Surely response.redirect would just send a 302 (or similar) to the
>>client, which means that the video would still need a valid URL?
>>
>>- Nick Grimshaw
>>{ if you're not part of the solution, you're part of the precipitate. }
>>
>>
>>
>>
>>
>>
>
>
>
>--
>* The Web Design Business Kit *
>Find out how to price your work, market your business, make pitches that
>get the client, write effective proposals and beat the competition into
>the ground. Download 4 free sample chapters.
>http://sitepoint.com/launch/b7c91e/
>
>To advertise here: http://www.freelancers.net/advertising.html
>
>
>
>
|
|
|
