RE: restricted file access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks for your reply.

But what happens if the file is situated here: 

www.site.com/include/documents/file.doc


and someone knows that path file somehow or they get a program to crawl the
site. Then they would be able to get that file. How do we prevent that?

Thanks in advance.




-----Original Message-----
From: tedd [mailto:tedd.sperling@xxxxxxxxx] 
Sent: 27 August 2008 17:29
To: php-general@xxxxxxxxxxxxx
Subject: Re:  restricted file access

At 4:13 PM +0200 8/27/08, Angelo Zanetti wrote:
>Hi all,
>
>We have a site and we have created an admin section where the admin can
>upload documents.
>
>We have made a user login section where they can view a list of the
>documents (from the DB) and download the file.
>
>We want to make the site however not allow ppl to type in the path of the
>document and retrieve the file. How is this accomplished?
>
>Are the documents stored in a hidden / non-web accessible directory?
>
>Or is this restricted with APACHE?
>
>Please advise


Well...none of the above.

I would have a php script deliver the files and not allow the user to 
see the path.

Here's an example:

http://php1.net/b/file-browser/index.php

It would be a simple matter not to show the path but rather just show 
what's available to the user and then let the php script deliver the 
product to the user via a common url, like the demo does.

In other words, the most that any user can get is the path to one 
spot where your script deposits the file for download.

Cheers,

tedd

-- 
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux