[FX.php List] [OFF] Protecting folder contents with PHP/htaccess
Leo R. Lundgren
leo at finalresort.org
Tue Mar 11 19:16:06 MDT 2008
There are some ways to do this, with their pros and cons.
One way is to put the files outside the docroot/unprotected space of
the website, and have PHP readfile() or passthrough the contents.
This will consume resources though, and prevent caching unless you
handle that specifically.
Another way is to use a mechanism such as Lighttpd's X-Sendfile,
which will let PHP tell the httpd to send a file as the response to a
request from a client. You can check out the Lighttpd website if
you're interested in that, or you can look at this that I just found,
not sure how usable it is, but it should give you an idea about what
it is: http://www.screenage.de/blog/2008/02/22/libapache2-mod-
xsendfile-processes-x-sendfile-headers-with-apache2/
On a similar note to X-Sendfile is http://se2.php.net/manual/en/
function.virtual.php#67945 , which seems to need a bit too much site-
specific configuration for my taste though.
Just throwing out some ideas!
-|
12 mar 2008 kl. 01.37 skrev Jonathan Schwartz:
> Hi Folks,
>
> I have password access designed into a system that works just
> fine. Once logged in, users can view and download private documents
> by clicking on links for: PDF, DOC, XLS and PPT.
>
> But, I'm concerned about the files in the folder could be accessed
> by search bots or via linked URLs.
>
> I understand that I can use htaccess to lock/unlock the folder, but
> users shouldn't have to log in twice.
>
> Is there a way to have the PHP login talk to the htaccess log in?
>
> Or, should I be exploring other options?
>
> Thx
>
> Jonathan
> --
> Jonathan Schwartz
> Exit 445 Group
> jonathan at exit445.com
> http://www.exit445.com
> 415-381-1852
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
-|
More information about the FX.php_List
mailing list