You are here: Re: [PHP] secure document : solution wanted « PHP « IT news, forums, messages
Re: [PHP] secure document : solution wanted

Posted by Charles Hamel on 04/06/05 21:10

"Duncan Hill" <dhill@cricalix.net> wrote in message
news:200504061743.25667.dhill@cricalix.net...
> On Wednesday 06 April 2005 17:02, Charles Hamel wrote:
>> "Duncan Hill" <dhill+php@cricalix.net> wrote in message
>> news:200504061633.44950.dhill+php@cricalix.net...
>> > One way to handle this is to write a wrapper script that accepts the
>> > file
>> > name
>> > as a parameter. The script verifies that the user is allowed to access
>
>> Can you provide a little more infos about wrapper scripts ... first time
>> earing about this expession.
>>
>> Can this script be written in php ... or it is some kind of cgi? Any
>
> http://lists.evolt.org/archive/Week-of-Mon-20011224/064591.html has some
> sample code to do with forcing IE to download a file where it can't
> determine
> the mime type properly. This forms the core of being able to feed a file
> to
> a browser when a .php file is called.
>
> The rough flow of the code would be:
> 1) Check that the user is authenticated. Kick them out if they aren't.
> 2) (Optional) Check that the user is allowed to access the file being
> requested. This might be a MySQL DB lookup, a secret word request,
> whatever.
> 3) Check that the file exists. Even better, rather than feed a file name,
> store a mapping of a unique ID to real file name in a data source of some
> type, and throw the ID around. You can enforce the format of the ID etc
> to
> avoid attacks against your system.
> 4) If all is good, use the code linked above (in some form) to feed the
> file
> to the browser. The user will get a Save dialog box in pretty much any
> browser.

I am all set guys .... thanks ... What would I do without the community?

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация