When you put something on the web, you've got to be careful, because anyone can access it if they just guess the correct URL. If you have sensitive material, or material that folks must pay for, then you want to make sure that not just anybody can get to it. The inspiration for this article comes from an ASP Messageboard post, which reads:
I have a problem and that is that my company decided to make customers' invoices available through the extranet. This is all fine and good except that I have to program the thing.
The situation is as follows:
- Invoices are generated with a program that leaves a bunch of pdf files in a directory ( INV/00001.PDF; INV/00002.PDF; Etc. )
- There is a table in oracle that has ( ACCT, PASS )
- There is a table in oracle that has ( ACCT, FILE, DATE )
- There is a Form with ACCT, PASS
The form submits to an ASP page that looks up ACCT in table 1 and compares PASS in the form with PASS in the table. If it is OK then look up in Table 2 all records that match ACCT.
The resulting html file is something like this :
<% Do Until RS_2.EOF %> <a href="/INV/<%=RS_2("FILE")%>"> <%=RS_2("DATE")%> </a> <% RS_2.movenext Loop %>
Now what is to stop someone from looking at the URL and typing in the address bar something like:
and seeing someone else's invoice? How can I make this project viable and secure?
Well, we are going to use ASP to hide our files. Rather than linking directly to the file using the method shown above (<A HREF="/INV/<%=RS_2("FILE")%>">), we will link instead to an ASP file called showFile.asp. Through the querystring we will pass in the file name (less the directory), the content type, the UserName, and the Password.
Previously, the field RS_2("FILE") probably contained the full URL to the PDF file. All we want it to contain is the actual file name. We will bury all of the PDF files in a long, deep directory name, to greatly minimize the chances of someone simply guessing the URL of the PDF files. (If someone were to guess the full URL of the PDF files and typed that URL into their browser, they would be able to view the PDF files; it's not a security flaw, just the nature of the web.)
To accommodate the changes we will need to change the looping code to:
(Note that the above HREF was broken into multiple lines to make it easier to read through your browser. The entire HREF needs to be on one line...)
Now, what we need to accomplish in showFile.asp is the following: first, verify that the user has rights to look at this file. If he or she does not, then we want to redirect them to a page explaining that they do not have adequate permissions to view that particular PDF file. The reason we need to verify the username/password is to stop someone from calling and guessing at PDF file names. For example, if their invoice is 00001.pdf, they might try 00002.pdf, which might be an invoice for another client. We don't want them to see 00002.pdf if it's not their
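The showFile.asp below is an added example written for this article; it is not code from the original post or from the article's own next part. It assumes an ADO connection string stored in Application("ConnString"), two Oracle tables named ACCOUNTS (ACCT, PASS) and INVOICES (ACCT, FILENAME, INV_DATE) standing in for the poster's two tables (FILE and DATE are reserved words in Oracle, so those two columns are renamed here), a directory D:\Private\Invoices\ holding the PDFs, and a page noPermission.asp to redirect to. All of those names are assumptions. The point it demonstrates is that the check is not merely "is this a valid login" but "does this account own this particular file", answered by one parameterised query, and that any File value which is not a bare file name is refused before the file system is touched.

```asp
<%@ Language=VBScript %>
<% Option Explicit %>
<%
' showFile.asp (added example; table, column and path names are assumptions)
Dim strAcct, strPass, strFile, strContentType
strAcct        = Request.QueryString("UserName")
strPass        = Request.QueryString("Password")
strFile        = Request.QueryString("File")
strContentType = Request.QueryString("ContentType")

' The file name must be a bare name such as 00001.PDF. Reject anything that
' carries a path component so the parameter can never leave the invoice directory.
If strFile = "" Or InStr(strFile, "/") > 0 Or InStr(strFile, "\") > 0 Or InStr(strFile, "..") > 0 Then
    Response.Redirect "noPermission.asp"   ' Redirect ends processing of this page
End If

' Only serve the content type we expect; anything else falls back to PDF.
If strContentType <> "application/pdf" Then strContentType = "application/pdf"

Dim objConn, objCmd, objRS
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.Open Application("ConnString")   ' assumed connection string

' One parameterised query checks the login AND the ownership of this file.
' A valid login for account A must not unlock account B's invoices, which is
' exactly what happens if only ACCT/PASS are checked and FILENAME is trusted.
Set objCmd = Server.CreateObject("ADODB.Command")
Set objCmd.ActiveConnection = objConn
objCmd.CommandText = "SELECT i.FILENAME FROM ACCOUNTS a, INVOICES i " & _
    "WHERE a.ACCT = i.ACCT AND a.ACCT = ? AND a.PASS = ? AND i.FILENAME = ?"
objCmd.CommandType = 1   ' adCmdText
' CreateParameter(Name, Type, Direction, Size, Value): 200 = adVarChar, 1 = adParamInput
objCmd.Parameters.Append objCmd.CreateParameter("acct", 200, 1, 50, strAcct)
objCmd.Parameters.Append objCmd.CreateParameter("pass", 200, 1, 50, strPass)
objCmd.Parameters.Append objCmd.CreateParameter("fname", 200, 1, 255, strFile)
Set objRS = objCmd.Execute

' No row means either the login is wrong or this account does not own this file.
' Both cases get the same answer, so a caller learns nothing about other files.
If objRS.EOF Then
    objRS.Close
    objConn.Close
    Response.Redirect "noPermission.asp"
End If
objRS.Close
objConn.Close
Set objRS = Nothing
Set objCmd = Nothing
Set objConn = Nothing

' Authorised: read the PDF from its directory (assumed path) and stream it out.
Dim strPath, objStream
strPath = "D:\Private\Invoices\" & strFile
Set objStream = Server.CreateObject("ADODB.Stream")
objStream.Type = 1   ' adTypeBinary
objStream.Open
objStream.LoadFromFile strPath

Response.Buffer = True
Response.Clear
Response.ContentType = strContentType
Response.AddHeader "Content-Disposition", "inline; filename=" & strFile
Response.BinaryWrite objStream.Read
objStream.Close
Set objStream = Nothing
Response.End
%>
```

The querystring names UserName, Password, File and ContentType are the ones the article says it will pass, so the invoice list links to showFile.asp?UserName=...&Password=...&File=00001.PDF&ContentType=application/pdf. Because the bytes are read with ADODB.Stream rather than by a redirect, the invoice directory can sit outside the web root entirely, which removes the guessable-URL case the article describes; the account IIS runs the page under needs read access to that directory. One caveat the design inherits from passing credentials in the querystring: they end up in web server logs and browser history, so the same ownership query can equally be driven from a session variable set by the login page instead of from the URL.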
You may be wondering how we're going to do all of this... well, that will all be explained in the next part of this article!