[FX.php List] [OFF] Protecting folder contents with PHP/htaccess

Jonathan Schwartz jschwartz at exit445.com
Tue Mar 11 20:35:25 MDT 2008


Yes. Apache 1.3.

J



------------------------
Jonathan Schwartz
Exit 445 Group
Jonathan at exit445.com
415-381-1852 Office
415-370-5011 Cell

On Mar 11, 2008, at 6:41 PM, "Leo R. Lundgren" <leo at finalresort.org>  
wrote:

> Hehe :)
>
> What httpd is the system running on, Apache?
>
> 12 mar 2008 kl. 02.27 skrev Jonathan Schwartz:
>
>> Great suggestions, Leo.  I'll check them out.
>>
>> The nature of the options you suggested also confirms that this  
>> isn't a RTFM question.  I hate finding out I asked one of those. ;-)
>>
>> J
>>
>>
>> At 2:16 AM +0100 3/12/08, Leo R. Lundgren wrote:
>>> There are some ways to do this, with their pros and cons.
>>>
>>> One way is to put the files outside the docroot/unprotected space  
>>> of the website, and have PHP readfile() or passthrough the  
>>> contents. This will consume resources though, and prevent caching  
>>> unless you handle that specifically.
>>>
>>> Another way is to use a mechanism such as Lighttpd's X-Sendfile,  
>>> which will let PHP tell the httpd to send a file as the response  
>>> to a request from a client. You can check out the Lighttpd website  
>>> if you're interested in that, or you can look at this that I just  
>>> found, not sure how usable it is, but it should give you an idea  
>>> about what it is: http://www.screenage.de/blog/2008/02/22/libapache2-mod-xsendfile-processes-x-sendfile-headers-with-apache2/
>>>
>>> On a similar note to X-Sendfile is http://se2.php.net/manual/en/function.virtual.php#67945 
>>>  , which seems to need a bit too much site-specific configuration  
>>> for my taste though.
>>>
>>> Just throwing out some ideas!
>>>
>>> -|
>>>
>>> 12 mar 2008 kl. 01.37 skrev Jonathan Schwartz:
>>>
>>>> Hi Folks,
>>>>
>>>> I have password access designed into a system  that works just  
>>>> fine. Once logged in, users can view and download private  
>>>> documents by clicking on links for: PDF, DOC, XLS and PPT.
>>>>
>>>> But, I'm concerned about  the files in the folder could be  
>>>> accessed by search bots or via linked URLs.
>>>>
>>>> I understand that I can use htaccess to lock/unlock the folder,  
>>>> but users shouldn't have to log in twice.
>>>>
>>>> Is there a way to have the PHP login talk to the htaccess log in?
>>>>
>>>> Or, should I be exploring other options?
>>>>
>>>> Thx
>>>>
>>>> Jonathan
>>>> --
>>>> Jonathan Schwartz
>>>> Exit 445 Group
>>>> jonathan at exit445.com
>>>> http://www.exit445.com
>>>> 415-381-1852
>>>> _______________________________________________
>>>> FX.php_List mailing list
>>>> FX.php_List at mail.iviking.org
>>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>
>>>
>>> -|
>>>
>>> _______________________________________________
>>> FX.php_List mailing list
>>> FX.php_List at mail.iviking.org
>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>
>>
>> -- 
>> Jonathan Schwartz
>> Exit 445 Group
>> jonathan at exit445.com
>> http://www.exit445.com
>> 415-381-1852
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
>
>
> -|
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list


More information about the FX.php_List mailing list