[FX.php List] [OFF] Protecting folder contents with PHP/htaccess

Leo R. Lundgren leo at finalresort.org
Tue Mar 11 19:41:28 MDT 2008


Hehe :)

What httpd is the system running on, Apache?

12 mar 2008 kl. 02.27 skrev Jonathan Schwartz:

> Great suggestions, Leo.  I'll check them out.
>
> The nature of the options you suggested also confirms that this  
> isn't a RTFM question.  I hate finding out I asked one of those. ;-)
>
> J
>
>
> At 2:16 AM +0100 3/12/08, Leo R. Lundgren wrote:
>> There are some ways to do this, with their pros and cons.
>>
>> One way is to put the files outside the docroot/unprotected space  
>> of the website, and have PHP readfile() or passthrough the  
>> contents. This will consume resources though, and prevent caching  
>> unless you handle that specifically.
>>
>> Another way is to use a mechanism such as Lighttpd's X-Sendfile,  
>> which will let PHP tell the httpd to send a file as the response  
>> to a request from a client. You can check out the Lighttpd website  
>> if you're interested in that, or you can look at this that I just  
>> found, not sure how usable it is, but it should give you an idea  
>> about what it is: http://www.screenage.de/blog/2008/02/22/ 
>> libapache2-mod-xsendfile-processes-x-sendfile-headers-with-apache2/
>>
>> On a similar note to X-Sendfile is http://se2.php.net/manual/en/ 
>> function.virtual.php#67945 , which seems to need a bit too much  
>> site-specific configuration for my taste though.
>>
>> Just throwing out some ideas!
>>
>> -|
>>
>> 12 mar 2008 kl. 01.37 skrev Jonathan Schwartz:
>>
>>> Hi Folks,
>>>
>>> I have password access designed into a system  that works just  
>>> fine. Once logged in, users can view and download private  
>>> documents by clicking on links for: PDF, DOC, XLS and PPT.
>>>
>>> But, I'm concerned about  the files in the folder could be  
>>> accessed by search bots or via linked URLs.
>>>
>>> I understand that I can use htaccess to lock/unlock the folder,  
>>> but users shouldn't have to log in twice.
>>>
>>> Is there a way to have the PHP login talk to the htaccess log in?
>>>
>>> Or, should I be exploring other options?
>>>
>>> Thx
>>>
>>> Jonathan
>>> --
>>> Jonathan Schwartz
>>> Exit 445 Group
>>> jonathan at exit445.com
>>> http://www.exit445.com
>>> 415-381-1852
>>> _______________________________________________
>>> FX.php_List mailing list
>>> FX.php_List at mail.iviking.org
>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>
>>
>> -|
>>
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
>
>
> -- 
> Jonathan Schwartz
> Exit 445 Group
> jonathan at exit445.com
> http://www.exit445.com
> 415-381-1852
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list


-|



More information about the FX.php_List mailing list