I was wondering about people's thoughts on file security through php 
using database authentication.

Take the following example:

I have a folder (in webroot) called /videos/ which contains a heap of 
files like so:


Now, in a database I have table with a heap of users, with some sort of 
security identifier which allows them to access only the files they are 
given access to. Now, doing this in PHP is no problem, but I want to be 
able to stop them from 'predicting' what the next filename would be and 
just typing that in.

I thought about using .htaccess, where if they try to access one of the 
files, it sends it off to a php page which authenticates and displays a 
list of files they are allowed to view, although I would like it if 
they had the opportunity to type in the url of the file if they are 
actually authorized to do so.

I would prefer not to keep a file listing of allowed usernames and 
passwords using .htaccess, as this information could potentially be 
updated frequently with a large amount of users (or would this not be a 

Has anyone implemented this type of system before? are there any good 
resources people know of for this type of thing?


PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to