We have a 3rd part application that consists of HTML reports/static images/gifs etc (different file types that are not known upfront) that are pushed periodically through a trusted source to a directory that is under our application (ASP.Net 2.0) virtual
directory (IIS 6).
In our app we just need to display the first html file to each report (the html knows where it has it contect) etc. So a simple JS Iframe did the job.
However if someone knows the Virtual directory path (http:/App/Directory/Id1/Id2/....) they can browse to the images that can contain confidential data.
Is there any way of securing the files on the folder??
Thanks in Advance
View Complete Post