[thelist] how to protect downloadable docs in members only area
Stephen Rider
evolt_org at striderweb.com
Sat Oct 20 15:21:06 CDT 2007
There is an existing open-source program out there that does this --
called (IIRC) "PHPFileNavigator". Might be worth a look. I've
played with it a bit, and it seems to work nicely.
Whatever you do, I agree that the best way to protect these documents
from direct download is that they should be located outside the
public HTML directory.
Stephen
On Oct 15, 2007, at 3:54 AM, iris wrote:
> good morning everyone
>
> i've got a website that has a password protected members' area (php
> login system). physically the content is all located within a /
> members/
> folder. within this is a documents folder with word, powerpoint etc
> docs which can be downloaded from within the members' area (i.e.
> only if
> logged in).
>
> however, if someone knew the exact location of a document
> (http://example.com/members/docs/example.doc) they could get to them
> without being logged in.
>
> how do i protect these documents from unauthorised access?
More information about the thelist
mailing list