|
|
Posted by Dikkie Dik on 10/26/06 14:55
>> Upload/tmp directories shouldn't even be accessable by http....
>>
>> /dir/
>> /uploadtmp/
>> /wwwroot/
>
> Yeah, but suppose you wanted an upload to be web accessible after it's
> moved from the tempdir?
>
> That final directory needs the .htaccess, doesn't it?
Not necessarily. You can make a file "web accessible" without putting it
in a publicly accessible directory. You can create a php file (publicly
accessible) that sends the appropriate Content-Type header and sends the
contents from a file (that is not publicly accessible) to the client.
Also, the file does not necessarily exist on the server as it is sent to
the client (you can open an image, rescale it, add a copyright message
and send the result of that to the client, for example).
You can control the "downloader" php file with GET-parameters or with
session data, so have much control over the accessibility.
Best regards
[Back to original message]
|