In one application we use A4D to upload files. We store the uploaded
files in various folders served by Apache. Database records store a URL
to these files. Even though the file uploads and published URLs are in a
password protected web app, Apache doesn't restrict access to the
uploaded files. If someone can guess a file path they can get the file.
Apache is configured to not allow directory listings and the documents
in question aren't sensitive, so this isn't a big deal.
However, I've been asked to add file upload capability to another web
app that runs on the same server. In this case access to the uploaded
documents would need to be restricted. How have others achieved this w/
A4D without physically storing the documents in the database?
Thanks,
Brad Perkins
_______________________________________________
Active4D-dev mailing list
[email protected]
http://mailman.aparajitaworld.com/mailman/listinfo/active4d-dev
Archives: http://mailman.aparajitaworld.com/archive/active4d-dev/
