Posted by Ben on 10/01/36 11:30

Dan Trainor said the following on 10/27/2005 10:39 AM:
> Jason Motes wrote:

>>>However, how do people protect against the downloading of real files,
>>>ones which are not parsed by PHP? .WMV, .MOV, .ZIP, .EXE and so on? I
>>>want to protect access to these as well, and if a visitor just types in
>>>a URL and is able to access the file because my access control mechanism
>>>simply doesn't work on those types of files, what should be the solution
>>>here?

<snip>

> I'd like to keep the application as portable as possible; thus, I cannot
> use any kind of htaccess hackery because I want this PHP application to
> run on IIS, as well.

Move the files outside the document root so that they aren't available
via a direct URL, then create a 'file access page' in php that will
check for the session variable and either send or not send the file
based on whether the user has access.

- Ben

• Next in forum: Re: How to account for misspellings and alternatives in searching?
• Prev in forum: Re: [PHP] Using PHP for accsess control, preventing access to static files
• Thread view: Re: [PHP] Using PHP for accsess control, preventing access to staticfiles

[Reply to this message]