On Wednesday 21 August 2002 08:59, Roger Lewis wrote:
> I haven't been able to find much on this subject in the archives.
>
> Using sessions I have been able to have the server validate the user's
> access level before serving him a page. I put include files on each page
> that I want authenticated.  This is all well and good, except on my pages
> there are links to non-html, and non-php files that are stored in document
> directories on the server.
>
> How, on a file-by-file basis, do I ensure that the user is authorized to
> download these files?  If he gets to them through the link I provide, this
> is acceptable because he is already authorized to view the page that the
> link is on.  However, if he somehow knows the full path to the file, he can
> get to it directly, bypassing the link and overriding the authentication
> system.

Try searching the archives. It has been discussed many times before.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.com.hk
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

/*
Dealing with the problem of pure staff accumulation,
all our researches ... point to an average increase of 5.75% per year.
                -- C.N. Parkinson
*/


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
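
The bypass described in the question arises because files under the document root are served by the web server directly, without running the PHP include that checks the session. One common mitigation, given here as an added example that is not code from either poster, is to store the documents outside the document root and serve them through a script that repeats the session check for every file. It is written for current PHP (7.1+); the script name `download.php`, the `file` parameter, the `access_level` session key, the directory path and the policy entries are all hypothetical.

```php
<?php
// download.php -- added example, not code from the thread.
// Assumptions (hypothetical): documents live in PRIVATE_DIR, outside the web
// server's document root, and the login code stores an integer in
// $_SESSION['access_level'].
declare(strict_types=1);

const PRIVATE_DIR = '/var/www/private_docs';

// Constructed sample policy: minimum access level required per file.
const REQUIRED_LEVEL = [
    'handbook.pdf'        => 1,
    'reports/q2-2002.xls' => 2,
];

/** Returns the real path to serve, or null if the request must be refused. */
function authorize_download(string $requested, int $userLevel, string $baseDir, array $policy): ?string
{
    // Default deny: a file without a policy entry is never served.
    if (!isset($policy[$requested]) || $userLevel < $policy[$requested]) {
        return null;
    }
    // Resolve symlinks and ".." and confirm the result is still inside $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $requested);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

session_start();
$level = (int) ($_SESSION['access_level'] ?? 0);   // 0 = not logged in
$file  = is_string($_GET['file'] ?? null) ? $_GET['file'] : '';
$path  = authorize_download($file, $level, PRIVATE_DIR, REQUIRED_LEVEL);

if ($path === null) {
    // Same response for "not allowed" and "not found" so file names are not disclosed.
    http_response_code(404);
    exit;
}

header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

Links on the authenticated pages then point at `download.php?file=handbook.pdf` instead of the file's own path, so knowing the path no longer helps.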
