Maria Garcia Suarez <[EMAIL PROTECTED]> wrote:
> Hi there!
>
> I'm developing an application to which you can upload
> files. Right now the destination folder of those files
> is at /public_html/files which makes them visible from
> the internet.
>
> I thought of putting that ./files/ folder outside the
> ./public_html/ folder and make those files be only
> accessible via PHP pages (if the pages doesn't display
> a link to that folder there's no way to download the
> file). But, there's any way to keep on having the
> ./files/ folder inside ./public_html/ and have those
> files protected? Right now to identify users
> (authenticate them) I use session variables... it
> should be a protection that could be used together
> with session variables....
(assuming your using apache)
You can use a .htaccess file to protect the files that are in your
public web tree. Although I would not suggest this method for a few
reasons:
1. if the .htaccess some how gets modified and changes the deny all
rule, your files are open.
2. You (or someone) changes apache conf to not allow support for
.htaccess (.htaccess slows web performance)
3. Apache is recompiled without .htaccess support (again performance
reasons)
4. Your http process must have write permissions to your public web
files. (I suppose a seperate chmod would work but then again see
next item)
5. absent mindedness.
I would suggest to make the file storage location outside the web tree
and have a php script check permissions via your session variables and
then send the file. You might want to send a few headers with the file.
Content-Type:
Content-Length:
HTH,
Curt
--
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
