Forum


Keeping confidential data and files hidden on DNN
New Post
8/6/2012 12:35 AM
 

Hi all

I have been unable to solve the issue of keeping confidential data or files hidden on DNN sites. For instance, many form modules offer an "export" function that creates a downloadable CSV or .xls file. The files are stored on the server and anyone can download them if they know the link and get the full contact database of 1,000s of customers. Similarly, a form may allow candidates to upload CVs or other confidential files, all of which are visible if you know the link to access them.

The issue is that search engine bots can end up indexing these files, as happened recently, leading to a potential prosecution under the Data Protection Act.

I have searched forums but cannot find an easy, simple solution to protect these files.

Options / combinations of options I have tried are as follows:

1. Set robots.txt file to disallow indexing of sensitive folders. This works as long as you keep updating it when you make major changes to the site, but it does not stop direct browser searching via Firefox or similar browsers. See image above.

2. Turn off the "directory browsing" option at server level. This fixes the ability to browse directories using Firefox or similar, but then it breaks modules including the HTML editor and will then not allow uploading of images or files.

3. Created folders with "_name" in which to place hidden protected files as per Aderson's video (http://youtu.be/Hl8_mvvneTU). However, this also does not prevent direct browsing using a Firefox browser as per image above.

4. Set permissions via file manager to "write only" on the folder. This does not work; you can both see the files and download them using Firefox.

Any thoughts on how to protect data but keep the site working appreciated.

John

 
New Post
8/7/2012 6:03 AM
 

Hi John,

I have two suggestions, but I have not tried either so far:

1 - Use a module like Document Exchange (DMX) - You can protect your files from direct access with it.

2 - You can try using another folder provider like Amazon S3 - This way your files would be stored and protected outside of your site's file system and I think the links to the files are not direct links that can be copied and accessed directly.

Regards,

Aderson

 
New Post
9/26/2013 4:37 PM
 

I think a lot of people out there have a similar need so here is some information to help.

First, never expect a robots.txt file to protect your data. Sure, Google and other friendly web crawlers may stay away, but nefarious individuals who are out there to do harm do not care about a robots.txt file. That is something a program CHOOSES to respect, so it's kind of like saying, "Cover your eyes and don't peek while I change my clothes." It doesn't really stop the person. As you point out, the user can still download if they know the path no matter what the robots.txt says, illustrating that it isn't security but a suggestion.

For testing purposes I wrote a module that uploads a file to my site. After uploading the file it streams a copy of what the user just uploaded to a file that I save on my local machine. This is intended to test both the ability to save (upload) and retrieve (download) data written to a file. My local workstation is a Windows 7 machine running IIS 7.

The best way to handle this is with the proper permissions on the folder; however, this is not as straightforward as one may expect. Setting permissions on a folder is best because it gives you the flexibility to use any directory you want. To accomplish this I created a directory in my website called "UploadedFiles" and then modified the folder permissions in the folder properties. There is a user named "Users (COMPUTERNAME/Users)". For this user I selected the option to Deny permission to "Read & execute", "List folder contents", and "Read". After doing this I was able to upload a file to the directory using my module and download the file using my streaming download after uploading it. I was not able to access the file using a URL that points to the file. When I attempted this, I got a permission denied error in the browser, which is exactly what I wanted. The specific user that needs the permission change might be different on each machine, but one of them should do it.

The one downside I experienced with this setup is that when I went to verify that the file upload was in the proper location I was denied access through Windows Explorer. To verify that the file made it, I had to back out the permissions. This is a little annoying during testing, but once it goes live it wouldn't be a problem because no human is going to be browsing the directory structure. I don't think this will happen on a server because the user accounts are configured a little differently, with a specific account for IIS, but I haven't experimented that far yet.

A second option is to store the file contents to a database.  YOU SHOULD NOT DO THIS.  I only mention it here because it works and you may come across the suggestion elsewhere.  The slowness of the I/O is a downside to using this method.  It is a big task to save and retrieve these bigger chunks of data from the database.  Since the files don't actually have a physical path the database method protects them as you have to explicitly do the file retrieval from the database record.

A third option, if you can't figure out how to set up a protected directory by adjusting folder permissions, is to use the "App_Data" folder to store the files.  By default this folder should not be accessible to your users so anything you put in it will be safe.  It was created to hold the database file but can be used for other needs.  I created a folder, "/App_Data/MyModuleData" and was able to save a file to it using my file upload module then stream the contents to a file download.  I was not able to access the file using a URL in my browser.

All of these methods of protecting the file require special handling to facilitate file downloads. Files will need to be programmatically accessed and streamed to any user who needs them.

 Hope this helps anyone who finds it.  Good luck people!
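
The streaming download that the post above relies on, sketched as an ASP.NET handler for files kept in `/App_Data/MyModuleData`. This is an added example, not code from the thread or from DNN: the handler name, the `file` query parameter and the role name are assumptions, and it assumes the site's authentication populates `HttpContext.User` with roles.

```csharp
using System;
using System.IO;
using System.Web;

// Added example: the only route to files stored under App_Data.
public class ProtectedDownloadHandler : IHttpHandler
{
    private const string StorageFolder = "~/App_Data/MyModuleData"; // folder named in the post
    private const string RequiredRole = "Registered Users";          // assumed role name

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // 1. Authorization: the check a direct file URL never performs.
        if (context.User == null || !context.User.Identity.IsAuthenticated
            || !context.User.IsInRole(RequiredRole))
        {
            context.Response.StatusCode = 403;
            return;
        }

        // 2. Accept a bare file name only; reject separators, drive colons, etc.
        string name = context.Request.QueryString["file"];
        if (string.IsNullOrEmpty(name) || name.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
        {
            context.Response.StatusCode = 400;
            return;
        }

        // 3. Resolve the path and confirm it is still inside the storage folder
        //    (this also rejects "." and "..").
        string root = Path.GetFullPath(context.Server.MapPath(StorageFolder));
        string full = Path.GetFullPath(Path.Combine(root, name));
        if (!full.StartsWith(root + Path.DirectorySeparatorChar, StringComparison.OrdinalIgnoreCase)
            || !File.Exists(full))
        {
            context.Response.StatusCode = 404;
            return;
        }

        // 4. Send as an attachment so uploaded content is never rendered in the browser.
        context.Response.ContentType = "application/octet-stream";
        context.Response.AddHeader("Content-Disposition",
            "attachment; filename=\"" + name.Replace("\"", "") + "\"");
        context.Response.AddHeader("X-Content-Type-Options", "nosniff");
        context.Response.TransmitFile(full);
    }
}
```

The class has to be registered as a handler in web.config (or the same logic placed in an .ashx file) before it receives requests. Logging each served file name together with the user name gives an audit trail for exported contact data.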

 