Posted by Zoe Brown on 05/14/07 20:07
>> but isn't your approach just as risky as having the pdf file in the
>> public domain with a random name?
>
> not at all... because you are storing a random 'key' along with the
> filename, someone would have to guess the key. I tend to use 16-character
> keys. I am not worried in the slightest that someone will be able to guess
> a key like "6ruyhfn7k34bfdwq" and have it be valid. Obviously, your
> "streamFile.php" key should first check to make sure the key is valid
> (ie: it is in the database).
But using your logic I could create a pdf file called 6ruyhfn7k34bfdwq.pdf,
store the filename along with username/password in the DB and then the only
way someone could access it would be to guess the filename. I don't see how
your method is safer?
> In fact, here is my streamFile.php code, though I've removed some of my
> custom error functions and kept some custom SQL functions in. But you
> should get the point. Please excuse any word-wrapping:
thanks
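
Added example, not part of the original post and not the quoted poster's streamFile.php: one way to implement the key lookup the quoted reply describes. The `downloads` table, its columns, the storage path and the 32-character hex token are assumptions made here; the file stays outside the web root and each key carries an expiry, so access can be withdrawn without renaming the file.

```php
<?php
declare(strict_types=1);

// Assumed layout (hypothetical): PDFs live outside the web root, and a
// `downloads` table maps token -> stored filename + expiry timestamp.
const STORAGE_DIR = '/var/app/private_pdfs';

function issueToken(PDO $db, string $filename, int $ttlSeconds): string
{
    $token = bin2hex(random_bytes(16)); // CSPRNG output, 32 hex characters
    $stmt = $db->prepare(
        'INSERT INTO downloads (token, filename, expires_at) VALUES (?, ?, ?)'
    );
    $stmt->execute([$token, basename($filename), time() + $ttlSeconds]);
    return $token;
}

function resolveToken(PDO $db, string $token): ?string
{
    // Reject anything that is not the exact token shape before querying.
    if (!preg_match('/\A[0-9a-f]{32}\z/', $token)) {
        return null;
    }
    // Prepared statement: the request value is never concatenated into SQL.
    $stmt = $db->prepare(
        'SELECT filename FROM downloads WHERE token = ? AND expires_at > ?'
    );
    $stmt->execute([$token, time()]);
    $filename = $stmt->fetchColumn();
    if ($filename === false) {
        return null; // unknown or expired key
    }
    // The path is built from the database row, never from the request.
    return STORAGE_DIR . '/' . basename((string) $filename);
}

// Constructed demo: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE downloads (token TEXT PRIMARY KEY, filename TEXT, expires_at INTEGER)');

$token = issueToken($db, 'invoice-2007-05.pdf', 3600); // constructed filename
var_dump(resolveToken($db, $token));              // key issued above
var_dump(resolveToken($db, '6ruyhfn7k34bfdwq'));  // key quoted in the thread, never issued
var_dump(resolveToken($db, str_repeat('0', 32))); // well-formed but not in the table
```

A real streamFile.php would pass the returned path to `readfile()` after sending the `Content-Type` header, and answer 404 when `resolveToken()` returns null.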