Petre Agenbag wrote:
If you place files inside a webfolder, then they are publicly
accessible, period.

Not true. .htaccess turns a "public" directory into a "private" directory. Even if you know the path and filename you want, without an accepted username/password, you're not getting the file.


They might not be obvious, i.e. you would have to guess that there are
files in a specific folder AND know the exact name of the file, but if
you do happen to guess correctly, then the files are downloadable.

There are ways to still have files in "public" folders and have a
measure of extra protection, but that is up to your webserver, and not
PHP.

Not true. You can easily write PHP code to secure either certain areas, or the entire web site.


Use .htaccess to place a username/password on the folder, or better
yet, you can use ftp, but then you place the files outside the
webfolder. PHP has built-in ftp functions that would allow you to create
a pretty secure system to give access to files.

FTP bad. Friends don't let friends use FTP. And this isn't a security measure. What's to stop me from bypassing your PHP code, and just FTP'ing directly into your site?


Long of the short is, there are numerous ways to secure an area of your site. PHP, .htaccess, web server configuration, any combination of the three. However, the quickest, dirtiest, and most "good enough for government" way would be .htaccess.


On Thu, 2003-07-17 at 15:58, Maria Garcia Suarez wrote:


Hi there!

I'm developing an application to which you can upload
files. Right now the destination folder of those files
is at /public_html/files which makes them visible from
the internet.

I thought of putting that ./files/ folder outside the
./public_html/ folder and make those files be only
accessible via PHP pages (if the pages don't display
a link to that folder there's no way to download the
file). But is there any way to keep on having the
./files/ folder inside ./public_html/ and have those
files protected? Right now to identify users
(authenticate them) I use session variables... it
should be a protection that could be used together
with session variables....

Thanks a lot.

Kisses,
Maria






--
By-Tor.com
It's all about the Rush
http://www.by-tor.com


-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
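
The approach discussed in this thread (the files folder kept outside public_html and handed out only by a PHP page that checks the session), as an added example that is not part of the original messages. The script name download.php, the `file` query parameter, the `user_id` session key and the storage path are assumptions.

```php
<?php
declare(strict_types=1);
// download.php: added example. Serves uploads stored outside the web root
// to logged-in users only.

// Assumption: uploads live in a "files" directory beside public_html.
const STORAGE_DIR = __DIR__ . '/../files';

/** Map a client-supplied name to a real file inside $baseDir, or null. */
function resolve_download(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '') {
        return null;
    }
    // basename() drops any directory part, so "../../etc/passwd" becomes "passwd".
    $name = basename(str_replace('\\', '/', $requested));
    if ($name === '' || $name[0] === '.') {
        return null; // refuse dotfiles such as .htaccess
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    // realpath() resolves symlinks; the result must still sit under $base.
    if ($path === false || !is_file($path)
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

session_start();
// Assumption: the login page sets $_SESSION['user_id'] on success.
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Login required.');
}
$requested = $_GET['file'] ?? '';
$path = resolve_download(STORAGE_DIR, is_string($requested) ? $requested : '');
if ($path === null) {
    http_response_code(404);
    exit('File not found.');
}
// Send as an attachment with a generic type so the browser does not render it.
header('Content-Type: application/octet-stream');
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
header('X-Content-Type-Options: nosniff');
header('Content-Length: ' . filesize($path));
readfile($path);
```

Pages then link to `download.php?file=report.pdf` instead of to the file itself, so a guessed URL under public_html finds nothing and every download passes the session check.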


