On Monday 11 November 2002 14:10, James Taylor wrote:
> Ok, I have something like this set up:
> 1. User logs into site. Authenticates through a mysql table which
> basically just has username/password columns. Session is set.
> 2. User goes through site looking for information he'd like to purchase
> based on specific fields. After the gathering of information is done, a
> script dumps the text into a CSV file and zips it.
> 3. The user then downloads the zip.
> What I can't figure out though, is in step number 3 - How do I secure this?
> The filenames are randomly generated, but if someone felt like saving a few
> bucks, they could write a program to try and brute force the guessing of
> filenames. I need to somehow have an .htaccess type system, WITHOUT
> .htaccess since the usernames are all just in a standard MySQL table. Any
> suggestions? Store the file in a table blob? I can't really think of
> anything. Thanks for your help.
Try searching archives? It's been covered many times before and there are a
load of good info in the archives. Start with the keywords as per your
subject "Restrict file access".
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php