Depends what you're protecting. If someone wants it bad enough, they'll find it. It's like using a "really hard to guess password" and then leaving your box open to the world to guess at...
---John Holmes... > -----Original Message----- > From: Fargo Lee [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, June 18, 2002 5:04 PM > To: [EMAIL PROTECTED] > Subject: Re: [PHP] How do I hide download link ... > > Hi, if using the header command for attaching a file really prevents the > user from seeing the actual download link, is it really all that important > that the file is read from behind the document root if it is in a very > hard > to guess directory? > > "Martin Towell" <[EMAIL PROTECTED]> wrote in message > news:6416776FCC55D511BC4E0090274EFEF508A4B5@EXCHANGE... > > Have a page that checks the user's authentication > > > > if they're "invalid" then display an error msg and exit the script > > > > otherwise, send the header command(s) for attaching a file (can't > remember > > the exact syntax right now) > > > > read the file from somewhere that's not accessable from the web and spit > it > > out to the browser > > > > HTH > > Martin > > > > > > -----Original Message----- > > From: Fargo Lee [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, June 13, 2002 6:15 AM > > To: [EMAIL PROTECTED] > > Subject: [PHP] How do I hide download link ... > > > > > > Hi, my customers go through a password authentication to access a link > on > my > > site to download a file. I want to prevent the distribution of the > location > > of this file on my server by making it hidden. Is there any php > function(s) > > that could assist in doing this? > > > > All I can think of so far is storing the original file in a hard to > guess > > directory, when a authenticated customer goes to download it, send them > to > a > > script that copys the original file to a temp directory, they download > the > > file in the temp directory and then run a cron every so many minutes to > > clear out the files in the temp directory. > > > > If anyone has any ideas, examples or a way to improve on what I came up > with > > please respond. Thanks! > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
