On Wednesday 21 August 2002 10:54, Roger Lewis wrote:

> I did, but like I said, I couldn't find much.  Maybe I wasn't using the
> correct key words.  There is a lot about protecting php and html files but
> not much on other, non-php files in external directories.  There is some
> discussion about .htaccess, but I know nothing about this.  Is that the
> to do it, or can it be done with php.

Justin French, Tuesday, August 20, 2002 10:40 PM

> In real short, you want to store the files outside your htdocs root (so
> can't be served by http), OR restrict them from being served by using a
> htaccess file (try an apache list, the apache site, or your ISP sys

> Then, you want to serve those files THROUGH a PHP script.  Usually these
> scripts will:

> - authenticate a user
> - set the right mime-type header for the file type using header()
> - parse the requested file though the PHP script to the browser

> There were a few recent threads on this... search for the following
> lines in the archives:

> - Authenticate files downloads
> - secure files acess

> Finally, there is a decent script/article/tutorial on the Zend site
> place you should have looked), which is the basis for my code at the

> http://www.zend.com/zend/trick/tricks-august-2001.php

Well, I originally searched for "protect file downloads".  I also searched
"protect individual files", "protect files", "authenticate files", and on
and on.  There are thousands of messages, but very few with relevant titles
or content.  One point to consider: I have no control over the files
themselves.  They are being uploaded to the document directories by end
users, so I do not know the file names.  What I am trying to do is prevent
someone who knows the path to the file from being able to gain access to it
without authorization.
One of the best ideas I saw was to put the files outside the web root
directory.  That sounded pretty good until I discovered that then I couldn't
access the files.  Now you've again pointed out that solution, so I'm sure
it will work.  I've just got to study up on the subject.
I ran across the Zend article a couple of weeks ago, but it's going to take
me awhile to understand it.  I'm pretty new at this game, and my programming
skills are very limited.

I'm going to research .htaccess also.
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to