Hi
I am selling some eBooks on my website. I did a lot of works to protect them from direct browsing and accessing them by the malicious users. Any try to access the files directly is forbidden now.
My visitors can buy an eBook file. Once the payment completed the download link will be appeared. Clicking the download link the download process starts. In my C# code I am using a linkbutton and postback to send bit streams back to the client:
string fileName = Server.MapPath( Original FileName);
System.IO.FileStream myStream = new System.IO.FileStream(fileName, System.IO.FileMode.Open, System.IO.FileAccess.Read);
byte[] buffer = new byte[(int)myStream.Length];
myStream.Read(buffer, 0, (int)myStream.Length);
myStream.Close();
Response.Clear();
Response.ContentType = "application/octet-stream";
Response.AddHeader("Content-Length", buffer.Length.ToString());
Response.AddHeader("Content-Disposition",
"attachment; filename=" + Ticket);
Response.BinaryWrite(buffer);
Response.End();
Here the “Ticket” is the random name to hide the real file name. But now the alexa.com just simply shows my eBooks directory at the “most downloaded” session.
If the Alexa.com can read my files directory, then the malicious users also can do
I really worry about the security of my files and directories.
By the way I cannot access to the IIS and I should handle programmatically this issue
Thanks for attentions