The question in brief: How can I set up WebDav so that unauthenticated users can download files with a URL, but can't access a list or make changes to the share?
The long version:
I'm new to WebDav. I'd like to replicate the Dropbox/public folder functionality. That allows any user with the correct URL to download a file, but no unauthenticated user can access a list of the files in the subdirectory or make any changes to the public folder.
I'd like to be able to send my client a URL to a file for download without exposing the whole contents of the share and, importantly, without requiring the client to have a user id and password.
The WebDav directory should also not be alterable or viewable by anyone who doesn't have a user id and password.
The WebDav directory is isolated on my server and I can alter .htaccess files.
Related
I have an image hosting site set up in IIS, for example the products folder would be www.foobar.com/products/. Is this any way to prevent public access to this link, but allow public access to links such as www.foobar.com/products/some_product.jpg?
For some reason this folder doesn't return a 403 error, but the rest of the folders do. I don't see any differences in security settings under folder properties.
I have created a page to upload pdf files to a file system. As an admin, I am suppose to be the only one accessing those files by clicking on any link to show the file. This is one of the files that I can access.
http://myDomainName.mySite.com/Uploads/1809_UL.pdf
BUT, if someone else knows the URL address, he/she can access to all my files. The Question, how can I secure accessing the files and ONLY allow specific authenticated users to access the files.
I am looking for a solution that will allow me to check if the user has access to files located on s3.
Right now I have only two content status public and private but when one user copy the file URL and the uploader change state to private the first user still get access to this file.
I know I need to create some kind of service to authorize users but I don't know how to return data to them without exposing the s3 url
I want to give permissions for subfolders in Owncloud.
Example:
a user can edit and read all the files in a synchronized folder except some specific subfolders.
Im working with desktop client and web interface. Version: OwnCloud 8.0.3 (stable)
As far as I know a user has access to all his/her folders and files, plus any files that are shared with him/her by other users. You cannot restrict access to user's files if they are in that user's account.
My assumption is that you are an administrator and can create accounts, etc. A workaround might be the following, but it is a workaround and not the solution you've asked for:
If there are some files that you'd like more than one user, or only specific users to be able to view; you can share them using the web interface.
You could create a master user who has access to all files and then share with the other users from the master account.
If anyone knows any different to this please suggest an edit to my answer and I'll put it in.
We have a website whose users supply HTML links to a virtual directory on the website. (Think www.website.com/dir1; dir1 is actually a virtual directory to a different server.) The server that the virtual directory links to requires authentication, however the username and password needed is constant.
Whenever a user tries to access a page that draws a resource from that virtual directory, the webpage asks for authentication. We don't want the user to have to enter in the authentication info every time they enter the site. We have no control over the server that is the source of the virtual directory, but have total control over the virtual directory's settings.
How can we set up the virtual directory so that a webpage that accesses the virtual directory automatically supplies the authentication info?
Please let me know if there's more info you need!
Unfortunately there isn't a way for you to transfer your authentication from one server to another, unless you share your session information. Do a google search for session state server for more information on this.
However, this may not be what you want.
Your only other options are to completely open up the resources on the 2nd server, or set up the directory on the other server as another virtual directory on the first server. This way everything is authenticated from the 1st server.