[thelist] how to protect downloadable docs in members only area

iris thelist at jarmin.com
Mon Oct 15 03:54:45 CDT 2007

good morning everyone

i've got a website that has a password protected members' area (php 
login system).  physically the content is all located within a /members/ 
folder.  within this is a documents folder with word, powerpoint etc 
docs which can be downloaded from within the members' area (i.e. only if 
logged in).

however, if someone knew the exact location of a document 
(http://example.com/members/docs/example.doc) they could get to them 
without being logged in.

how do i protect these documents from unauthorised access?

i tried the htaccess file approach, passing the login instructions in 
the links, so that those logged in don't have to log in again. e.g.
<a href="http://username:password@example.com/members/docs/example.doc">
but i discovered that IE doesn't play nice if the security setting are 
set too high (middle being too high).  since the users of this site are 
mostly on university computers and might not have rights to change these 
settings, i've decided that this is a bad method.

has anybody got another solution for me?

also, are the documents save from search engines? (i don't really trust 
them to follow the instructions in robot.txt)

thank you so very much


More information about the thelist mailing list