Securing XML files

[Chris]

I want to have a folder with XML files that I don't want to be publically
accessible but I want my application to be able to read. My initial thoughts
are to stick the files outside the web tree but IIS 6 doesn't allow allow
parent path with server mappath. I don't want to enable it but I don't want
semi-hardcoded paths either. Does anyone have any suggestions?

 

[Juan T. Llibre]

Place them in the App_Data directory.
If you don't have one, create it and modify your path to the files accordingly.

Direct requests for your XML files will be refused if they're in that directory,
although they will still be accessible by your application.




Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================

 

[bruce barker]

put them in the app_data folder. it was designed for this.

-- bruce (sqlwork.com)