Best group member,

 

I am creating a file system class. I will have a web based document center
with different access roles. All users in the system will not be able to
view the files. It will all be run thru the web tool.

 

I will have a class that is called file. That file can give an authorized
user access to a specific file. What I do not want to do is to show them the
location of the file. And if they some how finds out the location of the
file, I do not want them to be able to type
http://www.domain.com/files/important.doc and download the file. 

 

Should I put the files outside of the web file system (outside of httpdocs)
so that they can not get the file thru the web browser?

 

Or should I save the docs in a database instead and control the access thru
that?

 

Is there anyone with comments? Is it anyone with experience about this?

 

Best regards,

Peter Lauri

 

 

 

Reply via email to