If you place files inside a webfolder, then they are publicly accessible, period.
They might not be obvious, ie. you would have to guess that there are files in a specific folder AND know the exact name of the file, but if you do happen to guess correct, then the files are downloadable. There are ways to still have files in "public" folders and have a measure of extra protection, but that is up to your webserver, and not PHP. Use .htaccess to place a username/password on the folder, or better yet, you can use ftp, but then you place the files outside the webfolder. PHP has built in ftp functions that would allow you to create a pretty secure system to give access to files. On Thu, 2003-07-17 at 15:58, Maria Garcia Suarez wrote: > Hi there! > > I'm developing an application to which you can upload > files. Right now the destination folder of those files > is at /public_html/files which makes them visible from > the internet. > > I thought of putting that ./files/ folder outside the > ./public_html/ folder and make those files be only > accessible via PHP pages (if the pages doesn't display > a link to that folder there's no way to download the > file). But, there's any way to keep on having the > ./files/ folder inside ./public_html/ and have those > files protected? Right now to identify users > (authenticate them) I use session variables... it > should be a protection that could be used together > with session variables.... > > Thanks a lot. > > Kisses, > Maria > > __________________________________ > Do you Yahoo!? > SBC Yahoo! DSL - Now only $29.95 per month! > http://sbc.yahoo.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
