[FX.php List] Container fields: Uploading to, and protecting
Edward L. Ford
elford at cs.bu.edu
Sat Oct 28 16:31:53 MDT 2006
Hello,
My database has a container field that is meant to hold a PDF file
(and only PDF files). I have severa concerns and questions about
this, which I'm hoping this list can help me with.
1) Adding new PDF to the database
When making a new record with the PHP interface to the database,
users should be able to upload a PDF file from their machine so its
added to the container field. How do I handle an uploaded file with
PHP and FX so it gets added to the container field?
2) (not really FX related) How do I ensure the file added is actually
a PDF (and not a DOC, or JPG file)? I know this should be at the
server level, but I'm not sure how.
3) Protecting the database and the database server
Looking at the XML output for a test record I have, the value for the
container field's data looks like:
/fmi/xml/cnt/data.cnt?-db=GigBoard.fp7&-lay=WebGigDetails&-recid=29&-
field=FilePDF(1)
When browsing records through the PHP interface, users should be able
to download the PDF file. As I see it, I'd have to give a direct
link to the file on the database server, i.e.
http://<server>/fmi/xml/cnt/data.cnt?-db=GigBoard.fp7&-
lay=WebGigDetails&-recid=29&-field=FilePDF(1)
I have a security concern: about this: Since my PHP and FM servers
are different machines, the end user really has no idea what the
address of the FM server is. With the PDF file as a basic link, they
get to see the server's address.
In the FX example, there's a file called image_proxy.php that appears
to be used to hide the server URL, as well as the user and password
needed to get the image file. I'd like to implement a similar file
to protect access to my PDF files, but I'm unsure how to modify the
example to match my situation.
Thoughts and suggestions are appreciated,
--Ed Ford
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.iviking.org/pipermail/fx.php_list/attachments/20061028/fa54e61c/attachment.html
More information about the FX.php_List
mailing list