Martin Zvarík napsal(a):
Hi,
there are two choices (example):
1) file_redirect.php?src=file/root.jpg --- shows an image
2) .htaccess --- if is requested file/root.jpg than redirect to
xyzfile/root.jpg
In both cases I can restrict the access to some files only.
If we talk about PHP, the file/image.jpg can be directed to
xyzfile/image.jpg - and the client won't know.
BUT if we talk about .htaccess - can the client find out where it really
points out?
For example file/image.jpg will be directed to xyzfile/image.jpg --- I
suppose it sends a response to the browser and tells him the new path
which it should request, am I right?
If so, than it's not really secure, since the user will be able to test
and try all other filenames and get somewhere I don't want him to go - I
know I might be too careful,
BUT I am interested how PROs do this.
Your comments will be appreciated,
Martin
AHA, from what I've just read, the .htaccess is server-side, so the
client won't know the real directory.
Can somebody confirm?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
