On Monday 11 November 2002 14:10, James Taylor wrote:
> Ok, I have something like this set up:
> 1. User logs into site.  Authenticates through a mysql table which
> basically just has username/password columns. Session is set.
> 2. User goes through site looking for information he'd like to purchase
> based on specific fields.  After the gathering of information is done, a
> script dumps the text into a CSV file and zips it.
> 3. The user then downloads the zip.
> What I can't figure out though, is in step number 3 - How do I secure this?
> The filenames are randomly generated, but if someone felt like saving a few
> bucks, they could write a program to try and brute force the guessing of
> filenames.  I need to somehow have an .htaccess type system, WITHOUT
> .htaccess since the usernames are all just in a standard MySQL table.  Any
> suggestions?  Store the file in a table blob? I can't really think of
> anything.  Thanks for your help.

Try searching archives? It's been covered many times before and there are a 
load of good info in the archives. Start with the keywords as per your 
subject "Restrict file access". 

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to