PDA

View Full Version : Accessing files outside A5Webroot


ABC123

Steve Wood
10-18-2004, 01:21 PM
I'd like my online customers to be able to download cusomer-specific static PDF files. I know how to do this if the PDF file is within the C:\A5Webroot\"project" folder defined as my document root in the WAS. Is it possible to create a line to a documnt _outside_ of this document root?

For example, CustomerID_A, Job1000 would be in drive S:\CustomerID_A\Job1000\mydocument.pdf.

Whether or not the above is possible, what is the best method to obscure the link address so they will not see the physical location and thereby 'guess' other customer's file locations. I was thinking about using the md5() function to create hash-valued subdirectories rather than using real customer ID's. So the above link would be s:\he121982klew294eclei8343wse329\Job1000\mydocument.pdf

Lenny Forziati
10-18-2004, 01:49 PM
Steve, the server will not directly serve files that live outside the webroot. This is by design and is for security purposes. All web servers use this principle.

You have two options to make the files available to the web user.

1) Copy them into the webroot. You can do this on a file-by-file basis and use session.session_folder as temporay storage for this purpose. The copied files will automatically be removed when the session expires.

2) Create an A5W page that opens the file and sends it to the browser. Because the A5W page runs locally on the server, it has access to the whole filesystem if you wish. This A5W page would be almost identical to the CSV sample page I created for you.

Lenny Forziati
10-18-2004, 01:50 PM
Oops, I hit the button before I was done...

If you use method 2, make sure you provide some type of protection so that the user can't specify any arbitrary file on your server.


-Lenny