[FX.php List] [OFF] Protecting folder contents with PHP/htaccess
Leo R. Lundgren
leo at finalresort.org
Tue Mar 11 19:41:28 MDT 2008
Hehe :)
What httpd is the system running on, Apache?
12 mar 2008 kl. 02.27 skrev Jonathan Schwartz:
> Great suggestions, Leo. I'll check them out.
>
> The nature of the options you suggested also confirms that this
> isn't a RTFM question. I hate finding out I asked one of those. ;-)
>
> J
>
>
> At 2:16 AM +0100 3/12/08, Leo R. Lundgren wrote:
>> There are some ways to do this, with their pros and cons.
>>
>> One way is to put the files outside the docroot/unprotected space
>> of the website, and have PHP readfile() or passthrough the
>> contents. This will consume resources though, and prevent caching
>> unless you handle that specifically.
>>
>> Another way is to use a mechanism such as Lighttpd's X-Sendfile,
>> which will let PHP tell the httpd to send a file as the response
>> to a request from a client. You can check out the Lighttpd website
>> if you're interested in that, or you can look at this that I just
>> found, not sure how usable it is, but it should give you an idea
>> about what it is: http://www.screenage.de/blog/2008/02/22/
>> libapache2-mod-xsendfile-processes-x-sendfile-headers-with-apache2/
>>
>> On a similar note to X-Sendfile is http://se2.php.net/manual/en/
>> function.virtual.php#67945 , which seems to need a bit too much
>> site-specific configuration for my taste though.
>>
>> Just throwing out some ideas!
>>
>> -|
>>
>> 12 mar 2008 kl. 01.37 skrev Jonathan Schwartz:
>>
>>> Hi Folks,
>>>
>>> I have password access designed into a system that works just
>>> fine. Once logged in, users can view and download private
>>> documents by clicking on links for: PDF, DOC, XLS and PPT.
>>>
>>> But, I'm concerned about the files in the folder could be
>>> accessed by search bots or via linked URLs.
>>>
>>> I understand that I can use htaccess to lock/unlock the folder,
>>> but users shouldn't have to log in twice.
>>>
>>> Is there a way to have the PHP login talk to the htaccess log in?
>>>
>>> Or, should I be exploring other options?
>>>
>>> Thx
>>>
>>> Jonathan
>>> --
>>> Jonathan Schwartz
>>> Exit 445 Group
>>> jonathan at exit445.com
>>> http://www.exit445.com
>>> 415-381-1852
>>> _______________________________________________
>>> FX.php_List mailing list
>>> FX.php_List at mail.iviking.org
>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>
>>
>> -|
>>
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
>
>
> --
> Jonathan Schwartz
> Exit 445 Group
> jonathan at exit445.com
> http://www.exit445.com
> 415-381-1852
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
-|
More information about the FX.php_List
mailing list