This is what I did a few years ago for North, and it works really
well. I have a directory outside the web root directory where the
files reside, and when someone tries to download a file from the
intranet they are actually hitting a TAF. That TAF in turn checks
their credentials, and if they have permission to access the file,
Witango serves the file using a read action from the 'safe' directory
and outputs it directly to the user's browser with a modified HTTP
header. I just this week created one like the second scenario Robert
described that stores the file in a database instead of in the file
system. Our intranet currently houses about 100,000 design files and
production cards, all of which go into and come out of the system in
this way every day.
I would think that since you're maintaining records/approvals for
files, then that table can be used to create a page with links on it
for that particular advertiser. When they log in they would then be
able to download the files that they have permission for based on
that approval table.
Jason
-----
Jason Pamental
Director of Web Services
North Sails
Office: 401.643.1415
Fax: 401.643.1420
Mobile: 401.743.4406
Email: [EMAIL PROTECTED]
On Dec 7, 2006, at 9:47 AM, Robert Garcia wrote:
There are 2 ways. The download link hits a witango taf, which uses
file read, to your image directory, and spits out the contents, as
a file, this will hide the image directory from the users, and they
must go through your taf to get the file. So they won't be able to
enter the directory to download direct, cuz they won't know it.
The second, is the same, you just put the file in a database, and
witango extracts it, and serves it. These are both the same
solution, one uses a file read action, the other uses a db action.
Neither allows the user to bypass, unless somehow you don't hide
your image directory well enough. :-) So put your directory in a
place where the witango service can see and read, but the http
service cannot.
--
Robert Garcia
President - BigHead Technology
VP Application Development - eventpix.com
13653 West Park Dr
Magalia, Ca 95954
ph: 530.645.4040 x222 fax: 530.645.4040
[EMAIL PROTECTED] - [EMAIL PROTECTED]
http://bighead.net/ - http://eventpix.com/
On Dec 7, 2006, at 6:24 AM, WebDude wrote:
Hey folks,
I got something I am trying to figure out the best way to do.
I am building a simple basket system in which advertisers can add
images. After ordering, an email is sent to the corporate office
and they, in turn, approve the images selected and then a link/
links is/are sent back to the advertiser to download the images.
No Transactions involved. No ftp involved.
All the images need to stay in the same directory and all the
advertisers know the name of the images. Is there or has anyone
thought of a way to limit the download/link to the images to just
the ones in the basket?
In other words, say we have this in the directory...
Image1.jpg
Image2.jpg
Image3.jpg
And one advertiser adds Image1.jpg into a basket and gets
approval. He is sent a link to download ie...
http://<path>imagedirectory/Image1.jpg.
I need to figure out a way where that advertiser cannot just type
in http://<path>imagedirectory/Image2.jpg and download that image.
Remember, all the advertisers know the names of all the images.
There are way too many advertisers to use Windows authentication.
All users have a password to login built in Witango. I've been
messing around with virtual directories but was just wondering if
there is a better solution.
Any good ideas out there?
Thanks!
WebDude
________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
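
The gatekeeper pattern both replies describe, as an added example that is not part of the original thread and is written in Python rather than Witango: the handler checks the logged-in user against an approval table, reads the file from a directory outside the web root, and returns it with download headers. The names `APPROVALS`, `serve_download` and `demo`, the sample advertisers and the header choices are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

# Constructed approval table: advertiser login -> image names approved for download.
APPROVALS = {
    "advertiser_a": {"Image1.jpg"},
    "advertiser_b": {"Image2.jpg", "Image3.jpg"},
}


def serve_download(user, name, safe_dir, approvals=APPROVALS):
    """Return (status, headers, body); `user` is the already-authenticated login or None."""
    if user is None:
        return 401, {}, b""
    # Authorise the exact requested name, so knowing other file names does not help.
    if name not in approvals.get(user, set()):
        return 403, {}, b""
    base = Path(safe_dir).resolve()
    target = (base / name).resolve()
    # Even an approved name must resolve to a file directly inside the safe directory.
    if target.parent != base or not target.is_file():
        return 404, {}, b""
    body = target.read_bytes()
    headers = {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{target.name}"',
        "Content-Length": str(len(body)),
        "X-Content-Type-Options": "nosniff",
    }
    return 200, headers, body


def demo():
    """Build a throwaway 'safe' directory and run four constructed requests against it."""
    with tempfile.TemporaryDirectory() as root:
        safe = Path(root, "safe")
        safe.mkdir()
        for n in ("Image1.jpg", "Image2.jpg"):
            (safe / n).write_bytes(b"data:" + n.encode())
        Path(root, "secret.txt").write_bytes(b"outside the safe directory")
        bad_table = {"advertiser_a": {"../secret.txt"}}  # constructed bad table row
        return {
            "approved": serve_download("advertiser_a", "Image1.jpg", safe),
            "guessed": serve_download("advertiser_a", "Image2.jpg", safe)[0],
            "anonymous": serve_download(None, "Image1.jpg", safe)[0],
            "traversal": serve_download("advertiser_a", "../secret.txt", safe, bad_table)[0],
        }
```
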