CODEWITHSUNDEEP
asp.netvb.net
Zishan Neno
Zishan Neno

Reputation: 2817

Downloading exe files from database

I have some exe files that I've uploaded into my database as I don't want them to be publicly accessible. I tried using a link button and a generic handler to serve the file using the following code:

Context.Response.Clear()
Context.Response.ContentType = "application/exe"
Context.Response.AppendHeader("Content-Disposition", "filename=program.exe")
Context.Response.BinaryWrite(binaryfile)

The problem: Google Chrome does not treat the download as any other exe, instead after downloading it reports "program.exe is not commonly downloaded and could be dangerous." with a "discard" button and the option to "keep" the download is hidden under a context menu.

Is there any other/better way to serve exe files stored in the database?

Upvotes: 3

Views: 3774

Answers (3)

tim
tim

Reputation: 2721

In my case I solved it with the following set of headers:

Cache-Control: max-age=864000
Content-type: application/octet-stream
Content-Disposition: attachment; filename="....zip"
Content-Transfer-Encoding: binary
Last-Modified: ...
Etag: ...
Content-Length: ...

Be extra observant of Content-type, Cache-Control, Last-Modified and Etag which seemed to be the helpful headers for me.

Upvotes: 1

David
David

Reputation: 218847

I don't often see application/exe in the wild. It's more common to use application/octet-stream for executable files.

If you're using .NET, then I'm going to assume for a moment that you're using IIS. (Correct me if this is not the case.) If so, then this (old, but still useful) list of MIME types and file extensions may be helpful.

Naturally, you won't be able to get around any browser-side restrictions from the server side in any real sense. You can modify the headers you send to the client, but in the end it's up to the client what to do with the response.

Upvotes: 4

Mark
Mark

Reputation: 1537

Did you check out this question: Getting around Chrome's Malicious File Warning

Jeff G suggests signing up to Google Webmaster Tools and adding your site. It'll take several days for Google to crawl your site, and fill in any information, but it'll eventually stop thinking your file is malicious.

Upvotes: 3

Related Questions