I have a WCF Service which is consumed by a web application right now.
This WCF service creates reports and saves them to a folder on server.
Also, it updates the database with a complete url to download the report.
I am concerned about the security of complete url being updated in the database. One option is to save only the report filename in database but then Client Application has to know in what folders the report is stored on server... which essentially means that
all calling application has to know about the report location on server.
Note: Folders are created dynamically depending on request, so can't save the folder path in config file.
Whereas if I add the report location to database, client application can simply query for that and access the report.
Please guide me for a secure way out.
View Complete Post