[FX.php List] [OFF] Protecting folder contents with PHP/htaccess

Jonathan Schwartz jschwartz at exit445.com
Tue Mar 11 19:27:37 MDT 2008


Great suggestions, Leo.  I'll check them out.

The nature of the options you suggested also confirms that this isn't 
a RTFM question.  I hate finding out I asked one of those. ;-)

J


At 2:16 AM +0100 3/12/08, Leo R. Lundgren wrote:
>There are some ways to do this, with their pros and cons.
>
>One way is to put the files outside the docroot/unprotected space of 
>the website, and have PHP readfile() or passthrough the contents. 
>This will consume resources though, and prevent caching unless you 
>handle that specifically.
>
>Another way is to use a mechanism such as Lighttpd's X-Sendfile, 
>which will let PHP tell the httpd to send a file as the response to 
>a request from a client. You can check out the Lighttpd website if 
>you're interested in that, or you can look at this that I just 
>found, not sure how usable it is, but it should give you an idea 
>about what it is: 
>http://www.screenage.de/blog/2008/02/22/libapache2-mod-xsendfile-processes-x-sendfile-headers-with-apache2/
>
>On a similar note to X-Sendfile is 
>http://se2.php.net/manual/en/function.virtual.php#67945 , which 
>seems to need a bit too much site-specific configuration for my 
>taste though.
>
>Just throwing out some ideas!
>
>-|
>
>12 mar 2008 kl. 01.37 skrev Jonathan Schwartz:
>
>>Hi Folks,
>>
>>I have password access designed into a system that works just 
>>fine. Once logged in, users can view and download private documents 
>>by clicking on links for: PDF, DOC, XLS and PPT.
>>
>>But, I'm concerned that the files in the folder could be accessed 
>>by search bots or via linked URLs.
>>
>>I understand that I can use htaccess to lock/unlock the folder, but 
>>users shouldn't have to log in twice.
>>
>>Is there a way to have the PHP login talk to the htaccess log in?
>>
>>Or, should I be exploring other options?
>>
>>Thx
>>
>>Jonathan
>>--
>>Jonathan Schwartz
>>Exit 445 Group
>>jonathan at exit445.com
>>http://www.exit445.com
>>415-381-1852
>>_______________________________________________
>>FX.php_List mailing list
>>FX.php_List at mail.iviking.org
>>http://www.iviking.org/mailman/listinfo/fx.php_list
>
>
>-|
>


-- 
Jonathan Schwartz
Exit 445 Group
jonathan at exit445.com
http://www.exit445.com
415-381-1852
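
The first two approaches Leo describes (files kept outside the docroot and served through PHP, optionally handed off to the web server with X-Sendfile), sketched as an added example that is not code from the thread or from FX.php. The session key `user_id`, the directory `/srv/private_docs`, the `f` query parameter and the `USE_XSENDFILE` switch are assumptions.

```php
<?php
// download.php (added example): gate for documents stored outside the docroot.
// Assumed names: $_SESSION['user_id'] set by the existing login, PRIVATE_DIR, ?f=
declare(strict_types=1);

const PRIVATE_DIR   = '/srv/private_docs';  // assumption: not reachable by any URL
const USE_XSENDFILE = false;                // true only if the httpd honours X-Sendfile
const ALLOWED_TYPES = [
    'pdf' => 'application/pdf',
    'doc' => 'application/msword',
    'xls' => 'application/vnd.ms-excel',
    'ppt' => 'application/vnd.ms-powerpoint',
];

session_start();

// 1. Reuse the existing PHP login, so no second (htaccess) prompt is needed.
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Login required');
}

// 2. basename() drops directory parts; realpath() resolves symlinks and "..".
$name = basename((string)($_GET['f'] ?? ''));
$base = realpath(PRIVATE_DIR);
$path = realpath(PRIVATE_DIR . '/' . $name);
$ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));

if ($base === false || $path === false || !is_file($path)
    || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0
    || !array_key_exists($ext, ALLOWED_TYPES)) {
    http_response_code(404);
    exit('Not found');
}

// 3. Private content: keep shared caches and search bots away from it.
header('Content-Type: ' . ALLOWED_TYPES[$ext]);
header('Content-Disposition: attachment; filename="' . addcslashes($name, '"\\') . '"');
header('Cache-Control: private, no-store');
header('X-Robots-Tag: noindex');
header('X-Content-Type-Options: nosniff');

if (USE_XSENDFILE) {
    header('X-Sendfile: ' . $path);  // web server streams the file after PHP exits
} else {
    header('Content-Length: ' . (string)filesize($path));
    readfile($path);                 // PHP streams the file itself
}
```

Links in the logged-in pages would then point at `download.php?f=<name>` instead of at the files directly; with the X-Sendfile branch the web server must also be configured to accept that header for the private directory.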

