Reply to Re: [PHP] secure document : solution wanted

Posted by Duncan Hill on 04/06/05 19:43

On Wednesday 06 April 2005 17:02, Charles Hamel wrote:
> "Duncan Hill" <dhill+php@cricalix.net> wrote in message
> news:200504061633.44950.dhill+php@cricalix.net...
> > One way to handle this is to write a wrapper script that accepts the file
> > name
> > as a parameter. The script verifies that the user is allowed to access

> Can you provide a little more info about wrapper scripts ... first time
> hearing about this expression.
>
> Can this script be written in php ... or is it some kind of cgi? Any

http://lists.evolt.org/archive/Week-of-Mon-20011224/064591.html has some
sample code to do with forcing IE to download a file where it can't determine
the mime type properly. This forms the core of being able to feed a file to
a browser when a .php file is called.

The rough flow of the code would be:
1) Check that the user is authenticated. Kick them out if they aren't.
2) (Optional) Check that the user is allowed to access the file being
requested. This might be a MySQL DB lookup, a secret word request, whatever.
3) Check that the file exists. Even better, rather than feed a file name,
store a mapping of a unique ID to real file name in a data source of some
type, and throw the ID around. You can enforce the format of the ID etc to
avoid attacks against your system.
4) If all is good, use the code linked above (in some form) to feed the file
to the browser. The user will get a Save dialog box in pretty much any
browser.
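
The four-step flow above as a PHP wrapper script. This is an added example, not code from the thread or from the linked evolt.org post. It assumes PHP 8, login code that stores the user name in `$_SESSION['user']`, and a hypothetical storage directory and ID-to-file table constructed for illustration.

```php
<?php
// download.php?id=<32 hex chars>  (added example, not code from the thread)
// Assumptions: login code sets $_SESSION['user']; files live outside the web root.
declare(strict_types=1);

const STORE_DIR = '/var/data/secure-docs';   // hypothetical path, not web-accessible

// Constructed sample mapping; in practice this is the data-source lookup from steps 2 and 3.
const DOCUMENTS = [
    '3f2a9c0e5b7d4a1e8c6f0b2d4e6a8c01' => ['file' => 'report-q1.pdf', 'users' => ['alice']],
    '9b1d7e3c5a2f4086b4c8d0e2f6a1c3e5' => ['file' => 'contract.doc',  'users' => ['alice', 'bob']],
];

/** Resolve an ID to a real path, or return an HTTP status code on refusal. */
function resolve_document(?string $user, string $id): string|int
{
    if ($user === null) {
        return 401;                                   // step 1: not authenticated
    }
    if (preg_match('/\A[0-9a-f]{32}\z/', $id) !== 1) {
        return 400;                                   // step 3: enforce the ID format
    }
    $doc = DOCUMENTS[$id] ?? null;
    if ($doc === null || !in_array($user, $doc['users'], true)) {
        return 404;                                   // step 2: same answer for unknown and forbidden IDs
    }
    $path = realpath(STORE_DIR . '/' . $doc['file']);
    if ($path === false || !str_starts_with($path, STORE_DIR . '/') || !is_file($path)) {
        return 404;                                   // step 3: file must exist inside the store
    }
    return $path;
}

session_start();
$id = is_string($_GET['id'] ?? null) ? $_GET['id'] : '';   // reject id[]=... array input
$result = resolve_document($_SESSION['user'] ?? null, $id);
if (is_int($result)) {
    http_response_code($result);
    exit;
}

// Step 4: feed the file with headers that make the browser offer a Save dialog.
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($result) . '"');
header('Content-Length: ' . filesize($result));
header('X-Content-Type-Options: nosniff');
readfile($result);
```

Because the request carries only an opaque ID, no user-supplied string ever reaches the filesystem path, which is what rules out `../` traversal in step 3.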
