[thelist] how to protect downloadable docs in members only area
iris
thelist at jarmin.com
Mon Oct 15 03:54:45 CDT 2007
good morning everyone
i've got a website that has a password protected members' area (php
login system). physically the content is all located within a /members/
folder. within this is a documents folder with word, powerpoint etc
docs which can be downloaded from within the members' area (i.e. only if
logged in).
however, if someone knew the exact location of a document
(http://example.com/members/docs/example.doc) they could get to them
without being logged in.
how do i protect these documents from unauthorised access?
i tried the htaccess file approach, passing the login instructions in
the links, so that those logged in don't have to log in again. e.g.
<a href="http://username:password@example.com/members/docs/example.doc">
but i discovered that IE doesn't play nice if the security setting are
set too high (middle being too high). since the users of this site are
mostly on university computers and might not have rights to change these
settings, i've decided that this is a bad method.
has anybody got another solution for me?
also, are the documents save from search engines? (i don't really trust
them to follow the instructions in robot.txt)
thank you so very much
iris
More information about the thelist
mailing list