Uploading files and security

Guest

I have a fp03 site, hosted on a MS03 server with extensions enabled. My site uses a form to upload user’s personal files to a folder that I’ve created. FP later sends me an email with a link to the uploaded file. By clicking the link, I can access and open the uploaded file. So far everything is ok; however, I’m troubled by the fact that the file is accessible to all, as no authorization is required while accessing the uploaded file.
1) The best venue might have been to have the uploaded file, emailed straight to me, by the form, with an attachment and not having the file kept on the hosting server. Is that possible?

If not:
2) How do I prevent users, apart from myself, from reading files uploaded by others to my web site? I need a way so that Norton antivirus may scan the file, as it runs in the background on my local xp-pro computer, while I access the remote uploaded files.
3) How may I (or my hosting service) restrict users to upload text, rtf and Word files only?
thanks
 
If you upload to a folder with no browsing rights or a basic default page people would need to know the exact filename to access it.

If that is not security enough, you can use ASP or PHP to upload to a folder outside of your Web hierarchy. That way no casual browser can access them.

You can use JavaScript to validate the filename.

You can find samples of validation here:

http://www.javascriptsource.com/


Regards Jens Peter Karlsen. Microsoft MVP - Frontpage.


 
Ask your host to assign permissions to the folder, but since you want to restrict the file types
that can be uploaded, which requires the use of server-side scripting and an ASP File Upload
component, then you can handle all of this with ASP or ASP.net.

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
WEBMASTER Resources(tm)

FrontPage Resources, WebCircle, MS KB Quick Links, etc.
==============================================
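
The filename validation mentioned in the first reply and the file-type restriction discussed in the second, written as one JavaScript check for the three types the question asks about. This is an added example, not part of the original thread: the extension list and all function names are assumptions, and because a check that runs only in the browser can be bypassed, the same function has to run again in the server-side upload script.

```javascript
// Added example. ALLOWED and all function names are hypothetical; the
// extension list is an assumption based on "text, rtf and Word files".
const ALLOWED = new Set(['txt', 'rtf', 'doc']);

// Windows device names that open a device instead of a file, with or
// without an extension (CON.txt is still the console).
const RESERVED = /^(con|prn|aux|nul|com[1-9]|lpt[1-9])(\.|$)/i;

// Check the name a browser sent with an upload. Returns
// { ok: true, ext } or { ok: false, reason }.
function checkUploadName(name) {
  if (typeof name !== 'string' || name.length === 0 || name.length > 255) {
    return { ok: false, reason: 'missing or over-long name' };
  }
  // Control characters include NUL, which can truncate the name in
  // components that treat it as a C string.
  if (/[\x00-\x1f]/.test(name)) {
    return { ok: false, reason: 'control character' };
  }
  // Separators allow directory traversal; ':' selects an NTFS alternate
  // data stream or a drive.
  if (/[\\/:]/.test(name)) {
    return { ok: false, reason: 'path separator or colon' };
  }
  // Windows silently strips trailing dots and spaces, so "x.asp." would
  // be stored as "x.asp".
  if (/[. ]$/.test(name)) {
    return { ok: false, reason: 'trailing dot or space' };
  }
  if (RESERVED.test(name)) {
    return { ok: false, reason: 'reserved device name' };
  }
  const dot = name.lastIndexOf('.');
  const ext = dot > 0 ? name.slice(dot + 1).toLowerCase() : '';
  if (!ALLOWED.has(ext)) {
    return { ok: false, reason: 'extension not allowed' };
  }
  return { ok: true, ext };
}

// Name to store the file under: a server-generated id plus the checked
// extension, so nothing typed by the client reaches the file system.
function storedName(id, ext) {
  if (!/^[0-9a-f]{16,}$/.test(id) || !ALLOWED.has(ext)) {
    throw new Error('bad id or extension');
  }
  return id + '.' + ext;
}
```

In the browser, pass `input.files[0].name` rather than `input.value`, which carries a `C:\fakepath\` prefix that the separator check rejects.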


 
