Secure File Streaming Interface

Secure File Streaming
Web Framework Tips

The web resource manager object (cWebResourceManager) is used to allow developers to upload and download server files. Because this requires access to server directories that do not have direct web shares, a series of passwords and encryption strategies are used to secure file uploads and downloads.

File uploads and downloads are limited to “registered” (i.e., developer-specified) directories and their sub-directories. The framework automatically registers a default download and upload directory based on properties, and in most cases, these default directories will suffice. You can register additional folders as needed. By default, files are downloaded from \Reports\Cache and uploaded to \Data\Uploads. This can be customized with the following interfaces:

cWebResourceManager

RegisterDownloadFolder

This procedure is used to register a local file path as an accessible download folder. This means that download URLs can be generated to files inside this folder using the DownloadUrl and CustomDownloadUrl functions. Download URLs pointing to files that are not inside a registered folder will result in an error. This is an extra layer of security sandboxing the download URLs.

Subfolders of this folder inherit these permissions, so you don't need to register every subfolder.

Note: The download folder needs to be registered on every process, so usually this would be done when starting a process, for example, inside the End_Construct_Object or directly inside an object.

RegisterUploadFolder

This procedure is used to register a local file path as an accessible upload folder. This means that files can be uploaded to this folder using the [cWebFileUploadButton](../VdfClassRef/Web/cWebFileUploadButton.md) and [cWebFileUploadForm](../VdfClassRef/Web/cWebFileUploadForm.md) controls.

Subfolders of this folder inherit these permissions, so you don't need to register every subfolder.

Note: The upload folder needs to be registered on every process, so usually this would be done when starting a process, for example, inside the End_Construct_Object or directly inside an object.

Default Cache Folder Registration

This property controls if the default cache folder is being registered as a download folder. The reports cache folder is determined using the GetReportsCache function on the [cWebApp](../VdfClassRef/Web/cWebApp.md) object. The property defaults to true, so that the report cache folder is registered.

Default Upload Folder Registration

This property controls if the default upload folder is being registered as an upload folder. The default upload folder is determined using the UploadFolder function on the [cWebApp](../VdfClassRef/Web/cWebApp.md) object. The property defaults to true, so that the uploads folder is registered.

Non-Session Bound File Downloads

This property controls if non-session bound file downloads are allowed. Download URLs are usually bound to a specific session unless they are generated with the pbDownloadBindSession property set to false or using the CustomDownloadUrl function. This property defaults to false to increase the default security of the system.

cWebApp

Default Report Cache Folder

This function determines the path to the default report cache folder. This folder is usually used to generate reports that will be streamed to the client (like PDFs). By default, the folder is located inside the workspace under \Reports\Cache. This folder will be automatically created and is capable of creating the folder at runtime if bCreate is passed as true. The resource manager (cWebResourceManager) registers this folder by default as being a download folder.

Default Upload Folder

This function determines the path to the default upload folder. This folder is usually used to temporarily store files that are uploaded from the client. By default, the folder is located inside the data folder with the name uploads (\Data\Uploads). The resource manager (cWebResourceManager) registers this folder by default as being an upload folder.

Previous Topic: Secure File Streaming
Next Topic: Web Framework Tips