Securing folders & databases

[DJJ]

Any update on the availability of this?

[soky]

Quote:

Originally posted by alexc
Landiserve has got the database thing down but the only way to password protect a web directory on the Windows servers is with the user's FTP username and password. The Windows/IIS servers do not have an access control system that's sophisticated enough to let you do what you want to.

PSoft allowed the implication that the new version (4) of the Webshell would have this. I have browsed their demo of the new version and it seems lacking. What do you think is a reasonable timeframe for the implementation of NT user access? I am finding this one hole in the Matrix/Vortech armor a bit troublesome.

Let me be clear... I love all the other features... but I must be able to add users and edit NTFS permissions on a couple complicated domains I have. These few remain on another host for the time being ... I would love to move them. The other reason I like having access is I can apply one user (me) with a common login and password to all domains with admin access. This way I don't have to recall a dozen unique logins.

Please tell me a solution is in process.

Please?

[Silverbug]

Quote:

Originally posted by antic
Silverbug - Actually I tried that first, but MapPath didn't want to go above the root inside the brackets. MapPath("/../") still comes back with the "domain.com" root folder for some reason. That's why I put the ".."s in the physical-path side of things.

you dont need the leading / in the MapPath"/../")

so if you had the following folders

db
domain.com <- website root

and within the domain.com folder you wanted to access a file in the db folder. you would server.mappath("../db/dbname.mdb")

is that what you wanted?

Also in terms of the password thingy it wouldnt be terrible hard to slap something together that allowed people to enter their username and password to download files in that area. have the page check the username and password and if it is successful then send the file to their brower. I have done it with one of my clients sites. pm me if you want more info.

[antic]

Hi Silverbug. Yep I know about the mappath thing, it can be done several ways, it's just a matter of preference.

The token-based password protection system (an ISAPI filter I assume) is much more comprehensive. It basically allows you to create FTP sub-accounts which your clients can access via a proper FTP client. It also allows the creation of password-protected web folders using proper Windows challenge-response. It's not the same as an ASP script that asks for a password. It gives you direct access to IIS folder security FTP accounts.

http://www.dafweb.com/daf42/

I'd like to repeat my plea to see this implemented. See my post about it on the previous page.

[Silverbug]

sounds good, will have to check it out.

[antic]

I'm one step closer to bugging people enough to get FTP sub-accounts and web folder security using DAF! (see above)

Check out this response from PSoft:

http://forum.psoft.net/showthread.ph...3&goto=newpost

Whomever reads this, please add your support to that thread if you also feel it's a worthwhile project to get happening.