那倒不至于
要具体看服务器的配置了
不过别担心,没有那么严重。现在很多网站的 ASP 防下载就是这样做的。这样不会泄漏文件的真实路径,在一定程度上也能实现防非法下载;前提是存放文件的目录本身不能通过 URL 直接访问,否则只隐藏路径起不到保护作用。
下面是我写的一个系统的ASP防下载文件。现在系统在服务器上运行很好:
<!--#include file="../include/antihack.inc.asp"-->
<!--#include file="conn.inc.asp"-->
<%
'************学术论文管理系统******************
'本页说明:文件下载
'**************************************************
%>
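<%
' File download entry point.
' Flow: require a logged-in session, look up the requested thesis row, check
' that the row belongs to the requester, then stream the stored file.

' Access restriction: visitors whose session has no "number" value are sent
' to the static error page.
if session("number") = "" then
    Response.Redirect "DownError.htm"
end if

Dim sql
Dim rs
Dim filepath
Dim idText, idPattern, recordMissing
Dim storedName, segment, unsafeName

' request("id") is client-controlled and was previously concatenated into the
' SQL text unchanged. Accept only a short run of decimal digits and convert it
' with CLng, so nothing but an integer literal can reach the query. Anything
' else is treated the same as "record not found".
idText = Trim(request("id") & "")
Set idPattern = New RegExp
idPattern.Pattern = "^[0-9]{1,9}$"
recordMissing = Not idPattern.Test(idText)
Set idPattern = Nothing

if not recordMissing then
    sql="select * from theses where id=" & CLng(idText)
    set rs=server.CreateObject("adodb.recordset")
    ' 1,1 = keyset cursor with a read-only lock; this page never updates the row.
    rs.open sql,conn,1,1
    if rs.eof then
        recordMissing = True
        rs.close
        set rs=nothing
    end if
end if

if recordMissing then
    ' closeconn is not defined in this block (presumably in conn.inc.asp).
    closeconn
%>
<Script language=vbscript>
msgbox "该记录不存在",0,"注意"
history.back
</script>
<%
else
    ' Ownership check: a thesis may only be downloaded by the account that owns it.
    if rs("number")<>session("number") then
        rs.Close
        set rs=nothing
        closeconn
        Response.write "<br><font color=red>注意:你没有权限下载该文件!</font> <a href=vbscript:history.back>返回</a>"
        Response.End
    end if

    ' The stored name is joined onto the upload directory below. The code that
    ' writes theses.url is not visible here, so as defense in depth refuse any
    ' value containing a ".." path segment instead of resolving it.
    storedName = rs("url") & ""
    rs.close
    set rs=nothing
    closeconn

    unsafeName = False
    For Each segment In Split(Replace(storedName, "\", "/"), "/")
        If segment = ".." Then unsafeName = True
    Next
    if unsafeName then
        Response.write "<br><font color=red>注意:你所请求的文件不存在!</font>"
        Response.End
    end if

    filepath=server.MapPath("../Submit/theses/"&storedName)
    downloadfile filepath
end if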
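Function downloadfile(fullpath)
    ' Sends the file at fullpath to the client as an attachment.
    '
    ' fullpath: physical path of the file to send.
    ' Returns:  True when the whole file was written to the response,
    '           False when the file does not exist or the client went away.
    '
    ' The client sees a timestamp-based name rather than the stored file name,
    ' so the real name and location on the server are not disclosed.
    downloadfile = False
    Dim s, fso, f, intfilelength
    Dim randfile, ext

    Set fso = server.createobject("scripting.filesystemobject")
    If not fso.fileexists(fullpath) Then
        Set fso = Nothing
        Response.write "<br><font color=red>注意:你所请求的文件不存在!</font>"
        Exit Function
    End If

    ' Take the real extension instead of the last three characters of the path,
    ' which turned e.g. ".docx" into ".ocx" and mangled extension-less names.
    ext = fso.GetExtensionName(fullpath)
    randfile=year(now())&month(now())&hour(now())&minute(now)&second(now)
    If ext <> "" Then randfile = randfile & "." & ext

    ' File size for the Content-Length header.
    Set f = fso.getfile(fullpath)
    intfilelength = f.size
    Set f = Nothing
    Set fso = Nothing

    Set s = server.createobject("adodb.stream")
    s.open
    s.type = 1    ' 1 = binary stream
    s.loadfromfile fullpath

    response.buffer = True
    response.clear
    ' One content type only. The earlier "Content-Encoding: GB2312" header is
    ' dropped: Content-Encoding names a compression coding, not a charset, and
    ' an unknown value can make clients reject the body.
    response.contenttype = "application/octet-stream"
    ' Stop browsers from sniffing an uploaded file into an active content type.
    response.addheader "X-Content-Type-Options","nosniff"
    ' Quoted so an extension containing spaces cannot split the header value.
    response.addheader "content-disposition","attachment; filename=""" & randfile & """"
    response.addheader "content-length", CStr(intfilelength)

    ' Write in 64 KB pieces and flush each one so the buffered response does
    ' not have to hold the whole file; stop early if the client disconnected.
    Do While not s.eos
        If Not response.IsClientConnected Then Exit Do
        response.binarywrite s.read(1024 * 64)
        response.flush
    Loop

    downloadfile = s.eos
    s.close
    Set s = Nothing
End Function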
%>