In Apache you can disable directory listing. You can also have a password file on the folder.
thirdly, you can have an index.php file that loads an authentication controller and prompts for a login when they attempt the directory, however, this won't protect specific files. The mix of #1 and #2, or #1 and #3 should suffice for you. -Will On Tue, Sep 22, 2009 at 3:40 PM, Andrew kain <[email protected]>wrote: > Hello list, I am looking for the best way to serve secure sensitive files > uploaded to a PHP server. I only want authenticated users to be able to > view > these files (jpg, pdf, etc). Usually anyone can view files uploaded to any > directory. I'm guessing the best way would be to upload the files outside > of > the web root that way they are not directly accessable from the web server. > My question is, what would be the next step? To authenticate the session > and > mod re-write to direct the user to the secured area? Can anyone with > any experience with this please give some pointers? thank you much in > advance. > > -bob > > _______________________________________________ > > UPHPU mailing list > [email protected] > http://uphpu.org/mailman/listinfo/uphpu > IRC: #uphpu on irc.freenode.net > -- Take care, William Attwood Idea Extraordinaire [email protected] Marie von Ebner-Eschenbach<http://www.brainyquote.com/quotes/authors/m/marie_von_ebnereschenbac.html> - "Even a stopped clock is right twice a day." _______________________________________________ UPHPU mailing list [email protected] http://uphpu.org/mailman/listinfo/uphpu IRC: #uphpu on irc.freenode.net
