Ben wrote:
> Dan Trainor said the following on 10/27/2005 10:39 AM:
>
>> Jason Motes wrote:
>
>>>> However, how do people protect against the downloading of real files,
>>>> ones which are not parsed by PHP? .WMV, .MOV, .ZIP, .EXE and so on? I
>>>> want to protect access to these as well, and if a visitor just types in
>>>> a URL and is able to access the file because my access control mechanism
>>>> simply doesn't work on those types of files, what should be the solution
>>>> here?
>
> <snip>
>
>> I'd like to keep the application as portable as possible; thus, I cannot
>> use any kind of htaccess hackery because I want this PHP application to
>> run on IIS, as well.
>
> Move the files outside the document root so that they aren't available
> via a direct URL, then create a 'file access page' in php that will
> check for the session variable and either send or not send the file
> based on whether the user has access.
>
> - Ben
>

Ben -

I knew this, but it was the "send or not send" thing that I was concerned about ;)

Thanks
-dant

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
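
The "file access page" described in the thread, as an added example that is not code from any of the posters. The storage path, the `file` query parameter and the `$_SESSION['allowed_files']` list are assumptions; it uses only core PHP functions, so it does not depend on the web server.

```php
<?php
// Added example, not code from the thread. Assumed names: STORAGE_DIR,
// the "file" query parameter, and $_SESSION['allowed_files'].
declare(strict_types=1);

const STORAGE_DIR = '/var/files/protected'; // assumption: outside the document root

session_start();

// Strip any directory part so only a bare file name is ever looked up.
$name = basename((string)($_GET['file'] ?? ''));

// "Not send": the session must list this file as permitted for the user.
$allowed = $_SESSION['allowed_files'] ?? [];
if ($name === '' || !is_array($allowed) || !in_array($name, $allowed, true)) {
    http_response_code(403);
    exit('Access denied');
}

// Resolve symlinks and ".." and confirm the result is still inside STORAGE_DIR.
$base = realpath(STORAGE_DIR);
$path = $base === false ? false : realpath($base . DIRECTORY_SEPARATOR . $name);
$inside = $path !== false
    && strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0;
$fh = ($inside && is_file($path)) ? fopen($path, 'rb') : false;
if ($fh === false) {
    http_response_code(404);
    exit('Not found');
}

// "Send": release the session lock so a long download does not block the
// user's other requests, drop buffered output, then stream the file.
session_write_close();
while (ob_get_level() > 0) {
    ob_end_clean();
}
header('Content-Type: application/octet-stream');
header('Content-Length: ' . filesize($path));
header('Content-Disposition: attachment; filename="' . str_replace('"', '', $name) . '"');
header('X-Content-Type-Options: nosniff');
fpassthru($fh);
fclose($fh);
```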