On Monday 11 November 2002 14:10, James Taylor wrote: > Ok, I have something like this set up: > > 1. User logs into site. Authenticates through a mysql table which > basically just has username/password columns. Session is set. > > 2. User goes through site looking for information he'd like to purchase > based on specific fields. After the gathering of information is done, a > script dumps the text into a CSV file and zips it. > > 3. The user then downloads the zip. > > What I can't figure out though, is in step number 3 - How do I secure this? > The filenames are randomly generated, but if someone felt like saving a few > bucks, they could write a program to try and brute force the guessing of > filenames. I need to somehow have an .htaccess type system, WITHOUT > .htaccess since the usernames are all just in a standard MySQL table. Any > suggestions? Store the file in a table blob? I can't really think of > anything. Thanks for your help.
Try searching archives? It's been covered many times before and there are a load of good info in the archives. Start with the keywords as per your subject "Restrict file access". -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
