Topic: secure file (Read 131 times)

funkyfela · « **on:** November 21, 2008, 04:35:18 AM »

Helo,
I have a file i don't want unauthorised users to access. I created a login to the page restricting access, but if one knows the name of the file and type it on the browser the file loads and subsiquently can be accessed and downloaded. eg www.mysite.com/user/getfile/file.exe

the file to be protected is the file.exe and its located on the get file page which you can access only if you have a valid username and password. but if typed the address as shown above file is downloaded.

how do i restrict access to this file? please and thanks

Mark Baker · « **Reply #1 on:** November 21, 2008, 04:43:12 AM »

Move it outside of the /htdocs tree

Mark Baker · « **Reply #2 on:** November 21, 2008, 04:43:43 AM »

Quote from: Mark Baker on November 21, 2008, 04:43:12 AM

Move it outside of the /htdocs tree

Use an .htaccess file to restrict access to files with an extension of .exe

mtoynbee · « **Reply #3 on:** November 21, 2008, 04:46:46 AM »

A few options:

Hide the link by forcing a download dialog using PHP headers.

http://uk.php.net/header

Store the file as a BLOB (MySQL) in the database and output via headers

http://dev.mysql.com/doc/refman/5.0/en/blob.html

setup a .htaccess file (for Apache server) on that specific file so that the user cannot access it directly withouth being prompted for a password.

http://httpd.apache.org/docs/1.3/howto/htaccess.html

News:

Author Topic: secure file (Read 131 times)

funkyfela

secure file

Mark Baker

Re: secure file

Mark Baker

Re: secure file

mtoynbee

Re: secure file

PHP Freaks Forums