> If you put the file you send somewhere out of the document root, the
> download location can't even be reverse-engineered.  This script is
> only way to get that file.

That's the key, right there. Combining that with sessions will make it
so that only people with the appropriate session will be able to access
the download script. Keeping it outside of the web root will make it so
no one can just type in the URL to the file. 

---John Holmes...

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to