Securing uploaded documents
in [ASP]
|
Prev: How to send email with no outlook and SMTP server ?
Next: Help Sending eMail To receiving@internal.mycompany.com
From: Dooza on 13 May 2010 08:26 On 13/05/2010 13:00, Bwig Zomberi wrote: > Dan wrote: >> >> "Bwig Zomberi" <zomberiMAPSONNOSPAM(a)gmail.com> wrote in message >> news:hsgc15$adl$1(a)speranza.aioe.org... >>> Dan wrote: >>>> >>>> "Dean g" <big_deanus(a)hotmail.com> wrote in message >>>> news:uHBn3u26KHA.1888(a)TK2MSFTNGP05.phx.gbl... >>>>> >>>>> Thanks for the help Bwig >>>> >>>> Just a note though - if the file is large, you may have to send it out >>>> in chunks instead of all in one go. If you Google for "ado stream >>>> binarywrite" you'll find plenty of examples of how to do this in ASP. >>>> >>> >>> Dan, I wanted to implement something like this. However, for very >>> large file downloads and slow user connections, the script will have >>> to be running for a long time. IIS will kill any request after some >>> time. Do you or anyone else know how to avoid that? >> >> Look at documentation for the Server.ScriptTimeout property :) >> > > No, Dan. There is a limit for that too. Imagine a 700 MB ISO file and > the user is on dialup. It will take several hours. IIS will kill the > request. Surely a protocol designed for larger files would be more appropriate? Like FTP maybe? Dooza
From: Dan on 13 May 2010 08:30 "Bwig Zomberi" <zomberiMAPSONNOSPAM(a)gmail.com> wrote in message news:hsgphs$uka$1(a)speranza.aioe.org... > Dan wrote: >> >> "Bwig Zomberi" <zomberiMAPSONNOSPAM(a)gmail.com> wrote in message >> news:hsgc15$adl$1(a)speranza.aioe.org... >>> Dan wrote: >>>> >>>> "Dean g" <big_deanus(a)hotmail.com> wrote in message >>>> news:uHBn3u26KHA.1888(a)TK2MSFTNGP05.phx.gbl... >>>>> >>>>> Thanks for the help Bwig >>>> >>>> Just a note though - if the file is large, you may have to send it out >>>> in chunks instead of all in one go. If you Google for "ado stream >>>> binarywrite" you'll find plenty of examples of how to do this in ASP. >>>> >>> >>> Dan, I wanted to implement something like this. However, for very >>> large file downloads and slow user connections, the script will have >>> to be running for a long time. IIS will kill any request after some >>> time. Do you or anyone else know how to avoid that? >> >> Look at documentation for the Server.ScriptTimeout property :) >> > > No, Dan. There is a limit for that too. Imagine a 700 MB ISO file and the > user is on dialup. It will take several hours. IIS will kill the request. In that case, don't do it :P As Dooza points out, FTP is more appropriate for something like this. Any application you build will have limits - you just have to figure out what is feasible and use alternate means for anything that falls outside of the parameters you come up with. -- Dan
From: Bwig Zomberi on 13 May 2010 08:34 Dooza wrote: > On 13/05/2010 13:00, Bwig Zomberi wrote: >> Dan wrote: >>> >>> "Bwig Zomberi" <zomberiMAPSONNOSPAM(a)gmail.com> wrote in message >>> news:hsgc15$adl$1(a)speranza.aioe.org... >>>> Dan wrote: >>>>> >>>>> "Dean g" <big_deanus(a)hotmail.com> wrote in message >>>>> news:uHBn3u26KHA.1888(a)TK2MSFTNGP05.phx.gbl... >>>>>> >>>>>> Thanks for the help Bwig >>>>> >>>>> Just a note though - if the file is large, you may have to send it out >>>>> in chunks instead of all in one go. If you Google for "ado stream >>>>> binarywrite" you'll find plenty of examples of how to do this in ASP. >>>>> >>>> >>>> Dan, I wanted to implement something like this. However, for very >>>> large file downloads and slow user connections, the script will have >>>> to be running for a long time. IIS will kill any request after some >>>> time. Do you or anyone else know how to avoid that? >>> >>> Look at documentation for the Server.ScriptTimeout property :) >>> >> >> No, Dan. There is a limit for that too. Imagine a 700 MB ISO file and >> the user is on dialup. It will take several hours. IIS will kill the >> request. > > Surely a protocol designed for larger files would be more appropriate? > Like FTP maybe? > FTP sends passwords unencrypted. SFTP is not available on all hosting servers. -- Bwig Zomberi
From: Dan on 13 May 2010 08:45 "Bwig Zomberi" <zomberiMAPSONNOSPAM(a)gmail.com> wrote in message news:hsgrhk$1qi$1(a)speranza.aioe.org... > Dooza wrote: >> On 13/05/2010 13:00, Bwig Zomberi wrote: >>> Dan wrote: >>>> >>>> "Bwig Zomberi" <zomberiMAPSONNOSPAM(a)gmail.com> wrote in message >>>> news:hsgc15$adl$1(a)speranza.aioe.org... >>>>> Dan wrote: >>>>>> >>>>>> "Dean g" <big_deanus(a)hotmail.com> wrote in message >>>>>> news:uHBn3u26KHA.1888(a)TK2MSFTNGP05.phx.gbl... >>>>>>> >>>>>>> Thanks for the help Bwig >>>>>> >>>>>> Just a note though - if the file is large, you may have to send it >>>>>> out >>>>>> in chunks instead of all in one go. If you Google for "ado stream >>>>>> binarywrite" you'll find plenty of examples of how to do this in ASP. >>>>>> >>>>> >>>>> Dan, I wanted to implement something like this. However, for very >>>>> large file downloads and slow user connections, the script will have >>>>> to be running for a long time. IIS will kill any request after some >>>>> time. Do you or anyone else know how to avoid that? >>>> >>>> Look at documentation for the Server.ScriptTimeout property :) >>>> >>> >>> No, Dan. There is a limit for that too. Imagine a 700 MB ISO file and >>> the user is on dialup. It will take several hours. IIS will kill the >>> request. >> >> Surely a protocol designed for larger files would be more appropriate? >> Like FTP maybe? >> > > FTP sends passwords unencrypted. SFTP is not available on all hosting > servers. Either use anonymous FTP (if the files were going on an web site without authentication), or use a custom FTP system with a short term unique ID in the filename request to authenticate against an existing request via the authenticated web application. Or come up with some other custom authentication scheme. Hosting large files on a standard public hosting package is obviously not an appropriate use of said hosting. In many cases it'll likely be a violation of the hosting T&C anyway. If you have a VPS or dedicated server then you have a lot more flexibility and should be able to set up SFTP, FTP+SSL, or any of a number of options for hardening FTP (or any other application/protocol designed for handling large files). If you're going to pick holes in every suggestion provided we're going to be here indefinitely :P -- Dan
From: Bwig Zomberi on 13 May 2010 14:07
Dan wrote: > > "Bwig Zomberi" <zomberiMAPSONNOSPAM(a)gmail.com> wrote in message > news:hsgrhk$1qi$1(a)speranza.aioe.org... >> Dooza wrote: >>> On 13/05/2010 13:00, Bwig Zomberi wrote: >>>> Dan wrote: >>>>> >>>>> "Bwig Zomberi" <zomberiMAPSONNOSPAM(a)gmail.com> wrote in message >>>>> news:hsgc15$adl$1(a)speranza.aioe.org... >>>>>> Dan wrote: >>>>>>> >>>>>>> "Dean g" <big_deanus(a)hotmail.com> wrote in message >>>>>>> news:uHBn3u26KHA.1888(a)TK2MSFTNGP05.phx.gbl... >>>>>>>> >>>>>>>> Thanks for the help Bwig >>>>>>> >>>>>>> Just a note though - if the file is large, you may have to send >>>>>>> it out >>>>>>> in chunks instead of all in one go. If you Google for "ado stream >>>>>>> binarywrite" you'll find plenty of examples of how to do this in >>>>>>> ASP. >>>>>>> >>>>>> >>>>>> Dan, I wanted to implement something like this. However, for very >>>>>> large file downloads and slow user connections, the script will have >>>>>> to be running for a long time. IIS will kill any request after some >>>>>> time. Do you or anyone else know how to avoid that? >>>>> >>>>> Look at documentation for the Server.ScriptTimeout property :) >>>>> >>>> >>>> No, Dan. There is a limit for that too. Imagine a 700 MB ISO file and >>>> the user is on dialup. It will take several hours. IIS will kill the >>>> request. >>> >>> Surely a protocol designed for larger files would be more appropriate? >>> Like FTP maybe? >>> >> >> FTP sends passwords unencrypted. SFTP is not available on all hosting >> servers. > > Either use anonymous FTP (if the files were going on an web site without > authentication), or use a custom FTP system with a short term unique ID > in the filename request to authenticate against an existing request via > the authenticated web application. Or come up with some other custom > authentication scheme. > > Hosting large files on a standard public hosting package is obviously > not an appropriate use of said hosting. In many cases it'll likely be a > violation of the hosting T&C anyway. If you have a VPS or dedicated > server then you have a lot more flexibility and should be able to set up > SFTP, FTP+SSL, or any of a number of options for hardening FTP (or any > other application/protocol designed for handling large files). > > If you're going to pick holes in every suggestion provided we're going > to be here indefinitely :P > I just needed a second opinion that I have done everything that can be done with a script. I am not picking holes. I had already tried everything you had suggested when I was faced with same problem as the OP. I provided the solution to the OP based on that experience. The files I handle are less than 70 MB and they are on a shared hosting server. However, I did not go for the ASP download solution because of slow downloaders. Currently, http folder passwords are used. This is also unsatisfactory, credentials are sent as plain text. -- Bwig Zomberi |