Posted by Duncan Hill on 04/06/05 18:33
On Wednesday 06 April 2005 16:23, Charles Hamel typed:
> Hi
>
> I am bulding a secure intranet.(php, mysql, apache)
> I am using a session and Mysql to handel the user accounts. Everythying
> works fine with that.
>
> The client now needs to share word/pdf document with the registered user. I
> created a secure directory using .htaccess for this purpose and it works as
> well .... the user are promt to enter a username password.
> I was expecting this to work ...
> http://username:password@www.domain.com/safeDir/Word.doc but it isn't.
IE dropped support (or severely neutered it) for username:password in URLs a
while back.
One way to handle this is to write a wrapper script that accepts the file name
as a parameter. The script verifies that the user is allowed to access the
file, and sends back the file with appropriate content type etc. Files can
then be stored outside of the document root, preventing access even if you
guess the file name.
[Back to original message]
|