Whenever I will delete the symlink the file will be no more accessible? If so then what will happen if the user still downloading the file during the deletion of it? I'm pretty sure it will cause a stop of the downloading process at the client. I'm also not that much sure whether this is the right solution for that. I'm also not really sure that the apache problem is due to memory issue (I honestly have no idea regarding it's meaning :X ). Any further ideas will be highly appreciated! Thank you Tom for your ideas :) Regards, Nitsan On Sun, Jun 7, 2009 at 1:37 AM, Tom Worster <fsb@xxxxxxxxxx> wrote: > On 6/6/09 7:28 AM, "Nitsan Bin-Nun" <nitsan@xxxxxxxxxxxx> wrote: > > > The files are one directory up from the www root, because that I don't > want > > straight access to them, only by validation which will be done in this > php > > file. > > > > I'm not an apache expret, do you have any idea how I can run this php > > validation file and then output the file, which is placed in one up > > directory from the www root to the user browser?? > > when you say "validation", do you mean that you perform certain checks on a > given client request in php in order to decide whether or not to allow the > client to download the file? > > i can only think of one thing offhand and it's not high security but it > would make unauthorized access a lot harder. after validating the client > request, create a temporary symlink to the file that the client wants in a > directory under the http root using a random filename. redirect the client > to the symlink and delete it x minutes later. the entropy of the symlink > filename determines how hard it is to guess and its ephemeral existence > makes it hard to discover or reuse. > > i don't know if apache has a way to restrict access by referrer but that > would add an additional level of security, i.e. if apache could be > configured to reject the request to the symlink unless the referrer points > to the server that sent the redirect. > > sorry i can't be of more help. on the other hand, it's not easy to > implement the flow control between the flie and apache and thus to the > client's tcp connection in php so that nothing gets stuck and no buffers > overflow. i'm not really convinced that's a function that belongs in a php > script. > > >