I'm building an internal site with the main function of serving up software downloads. One thing I want to guard against, though, is people finding the source paths and circumventing the site (the site logs the download for auditing).

Is there a way to conceal the source of the binaries? (I'm using ASP.NET)

+2  A: 

If you really want to do that then you could do something like

  1. Generate random GUID-like directory names
  2. Copy whatever file into it
  3. Serve the link
  4. Delete it after a few minutes.
IainMH
+9  A: 

The best way to do this is to place the files in a directory that is inaccessible from the web, and then load the files dynamically.

This article may help.

John Rasch
This is better than my idea.
IainMH
A: 

Have your ASP page read the file and write it in a page, serving up the binary data. Link to that page for the download. That way they never know the location of the file on disk.

Like this: http://www.dotnetcurry.com/ShowArticle.aspx?ID=105&AspxAutoDetectCookieSupport=1 but in your ASP over the HTTP stream.

This example shows writing binary over the HTTP stream; just use a file as your input source instead of a database.

http://aspnet.4guysfromrolla.com/articles/120606-1.aspx

Philluminati
+2  A: 

You could create an HttpHandler that handled all file requests and returned the files based on some kind of unique id. So if someone requests /files.ashx?id=24, they get the file, but they don't know where it's actually located on the server.

Additionally, you could use url rewriting so it looks to the user like they're accessing a physical file path: /downloads/dog.img, but it's actually getting passed to the handler: files.ashx?id=dog.img. That way the user wouldn't even realize that a handler was being used in the background.

Matt Ephraim
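
An added example, not code from any of the answers above: one way to combine the "directory outside the web root" and HttpHandler suggestions so that every download passes through the audit log. The store path, the catalog entry and the Trace-based audit line are assumptions made for illustration.

```csharp
// Added example. Assumptions: StoreRoot, the Catalog contents and the
// Trace-based audit line are hypothetical stand-ins for the site's own.
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Web;

public class FilesHandler : IHttpHandler
{
    // Directory outside the web root, so IIS never serves it directly.
    // The trailing separator keeps the prefix check below exact.
    private static readonly string StoreRoot = @"D:\DownloadStore\";

    // Opaque id -> file name. The client never supplies a path.
    private static readonly Dictionary<string, string> Catalog =
        new Dictionary<string, string>(StringComparer.Ordinal)
        {
            { "24", "dog.img" }   // constructed sample entry
        };

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        string id = context.Request.QueryString["id"];
        string fileName;
        if (id == null || !Catalog.TryGetValue(id, out fileName))
        {
            context.Response.StatusCode = 404;   // unknown id: reveal nothing
            return;
        }
        // Defence in depth: the resolved path must stay inside StoreRoot.
        string fullPath = Path.GetFullPath(Path.Combine(StoreRoot, fileName));
        if (!fullPath.StartsWith(StoreRoot, StringComparison.OrdinalIgnoreCase)
            || !File.Exists(fullPath))
        {
            context.Response.StatusCode = 404;
            return;
        }
        // Write the audit record before any bytes are sent.
        string user = context.User != null ? context.User.Identity.Name : "(anonymous)";
        Trace.TraceInformation("download id={0} user={1} ip={2}",
            id, user, context.Request.UserHostAddress);

        context.Response.ContentType = "application/octet-stream";
        context.Response.AddHeader("Content-Disposition",
            "attachment; filename=\"" + fileName + "\"");
        context.Response.TransmitFile(fullPath);
    }
}
```

If the id is a file name, as in the URL-rewriting variant, the containment check on `fullPath` is what keeps a value containing `..\` from resolving to a file outside the store.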