On Wednesday 21 August 2002 08:59, Roger Lewis wrote:
> I haven't been able to find much on this subject in the archives.
>
> Using sessions I have been able to have the server validate the user's
> access level before serving him a page. I put include files on each page
> that I want authenticated. This is all well and good, except on my pages
> there are links to non-html, and non-php files that are stored in document
> directories on the server.
>
> How, on a file-by-file basis, do I ensure that the user is authorized to
> download these files? If he gets to them through the link I provide, this
> is acceptable because he is already authorized to view the page that the
> link is on. However, if he somehow knows the full path to the file, he
can
> get to it directly, bypassing the link and overriding the authentication
> system.
On Tuesday, August 20, 2002 7:24 PM, Jason Wong wrote:
< Try searching the archives. It has been discussed many times before.
Jason,
I did, but like I said, I couldn't find much. Maybe I wasn't using the
correct key words. There is a lot about protecting php and html files but
not much on other, non-php files in external directories. There is some
discussion about .htaccess, but I know nothing about this. Is that the way
to do it, or can it be done with php.
Roger
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
