Is _database folder useful for securing other files from direct download?

In the KB it says:

*** The _database directory is configured with enhanced security which disallows direct download from a web browser. ***

It also says to NOT put anything in there besides database files.

I sell my software product(s) online and I need to protect them from direct download. We don't have the option of any folders outside of our web root directories, so that's out. Is there any reason to not use the _database directory to store the setup.exe files I am selling? It has the security I want by disallowing browser-direct downloads. If I can .MapPath('/_database') I should be able to push my files to my customers using Response.TransmitFile() in my .NET pages, correct?

Anybody have any info on this? Is there a preferred way to do this?

-Marco

 

Hi,
There are several tricks you can use to hide/protect files on your site.
Will you be using Classic ASP or ASP.NET (2.0 or later)
Salute,
Mark

 

Thanks Bruce & Mark,

A-OK on Bruce's reply. That's terrific.

On Mark's question, I will be using mostly .NET 2+, but have brought a number of my customers to DASP hosting where Classic ASP will be used. Any tips or tricks for Classic?

Thanks,
Marc

 

One of the easiest tricks many of us used in Classic ASP was to rename files with an .asp extension.
Then the server will not allow anyone to download the file, they'll just get error messages.
You can use that trick in a lot of scenarios.
http://databases.aspfaq.com/database/how-do-i-protect-my-access-database-mdb-file.html

Another is to use background scripts, illustrated here:
http://www.devx.com/asp/Article/16414/1954

Some goodies here:
http://classicasp.aspfaq.com/files/directories-fso.html

Salute,
Mark