Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

How to protect access to files on a server

Hi Experts

A million thanks to all answers in advance..

i have few files on a server that i wish to download to a user..not all to one...the file names have user id in them...

problem is..though i am able to export the file using all possible ways...i can't hide the URL completely from user....am able to hide the address bar but then the URL gets displayed in title bar and that couldn't be hidden coz im opening the file in an ExternalWindow..

alternately i tried to directly export the file from a jsp but that too wasn't effective..

does anyone around have a solution to this...i wish i can generate a mechanism that completely hides the implementation from user..and even if the user has URl, he/she shouldn't be able to use it to hotlink to file (more like cross-site-scripting)

suppose my file URl is http://server:port/appContext/fileName1.pdf

then a user shouldn't be able to access a file named fileName2.pdf simply by changing the name in pdf.

believe me i've possibly explored all threads with all ideas..using IHttpRequest..gettimng request.getHttpSessionId...sending it over to jsp..but then..i don't have an equivalen session Id on jsp to comparo to and authenticate the user...

..seem to have hit a wall..

can someone please help me on this...

in desperate need of yr ideas...

thanks

Former Member
Not what you were looking for? View more on this topic or Ask a question