用传统的超连接方式提供的文件下载很容易暴露文件的路径,从而使得那些没有经授权的用户也可以下载到这些文件.如何来保护这些文件呢?下面是一个ASP实现的文件下载函数,有了它,你就不用担心会泄露文件的下载路径了...

Function downloadfile(fullpath)
          downloadfile = False
          Dim strfilename, s, fso, f, intfilelength
          Set fso = server.createobject("scripting.filesystemobject")
          If not fso.fileexists(fullpath) Then
             Response.write "<br><font color=red>注意:你所请求的文件不存在!</font>"
             Exit Function
          End If

          Set f = fso.getfile(fullpath)
          '获取文件大小
          intfilelength = f.size

          Set s = server.createobject("adodb.stream")
          s.open
          s.type = 1
          s.loadfromfile(fullpath)

          response.buffer = True
          response.clear
          'response.addheader "content-type","application/x-msdownload"
          'response.addheader "Content-Encoding","GB2312"
          response.addheader "content-disposition","attachment;filename=" & f.name
          response.addheader "content-length" ,intfilelength
          response.contenttype = "application/octet-stream"
          While not s.eos
              response.binarywrite s.read(1024 * 64)
            '    关键的一句
              response.flush
          wend
          s.close
          Set s = Nothing

          downloadfile = True
      End Function