Wrox Programmer Forums

BOOK: Beginning ASP.NET Security
This is the forum to discuss the Wrox book Beginning ASP.NET Security by Barry Dorrans; ISBN: 978-0-470-74365-2
#1, April 17th, 2012, 12:22 PM
Registered User
App_Data Accessibility pg 213

Hi,

I am posting this thread about a problem I ran into while reading the section Making Static Files Secure, pg. 213.

I have put the two .txt files, Example1.txt and Example2.txt in the App_Data folder.

Then I requested the default page and selected Example1.txt from the dropdown list.

I got the http://localhost:53557/UsingFileSyst...e=example1.txt

and then I changed the URL, as follows:
http://localhost:53557/UsingFileSyst...aspx?filename=~/App_Data/example1.txt
and I got the content of the example1.txt file!

My problem is that according to the book, on page 213

"The App_Data folder is configured so that any file it holds cannot be accessed via the browser"!

The code in the getfils.aspx.cs file is the following:

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.Web.UI;
    using System.Web.UI.WebControls;
    using System.IO;

    public partial class getfile : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            Response.Clear();
            // Commented out: keeps only the file name and looks it up under App_Data.
            //string filename = Path.GetFileName(Request.QueryString["filename"]);
            //FileInfo file = new FileInfo(Server.MapPath(Path.Combine("App_Data", filename)));
            // Active: the raw query-string value is mapped as-is, so it may name any path.
            string filename = Request.QueryString["filename"];
            FileInfo file = new FileInfo(Server.MapPath(filename));
            Response.AddHeader("Content-Length", file.Length.ToString());
            Response.WriteFile(file.FullName);
            Response.End();
        }
    }

I would like to thank you in advance for any response!
#2, April 17th, 2012, 01:52 PM
Wrox Author

"The App_Data folder is configured so that any file it holds cannot be accessed via the browser"

The key here is "via the browser". You cannot, for example, load http://example.org/App_Data/example1.txt

However you can do whatever you like in code, including loading files from C:\Windows should you so desire.
 


All times are GMT -4.