[thelist] File Security

live4bacon at optonline.net live4bacon at optonline.net
Mon Mar 22 19:24:52 CST 2004


Good day,
I have, say, 3 clients each having their own secure area.  In this area the client would be able to upload/download files to/from me.

the files would reside in say 
/Protected/Client1/files/

How can I keep someone from downloading files directly from this folder?  I have secured the pages themselves with PHP and MYSQL authentication but, correct me if i am wrong. that doesn't stop someone from grabbing the file directly like so:

http://www.mysite.com/Protected/Client1/files/somefile.zip

I understand that said person would need to be quite informed,  ....wait, but I would be able to set these files outside the server root! correct? and serve them from there?

Thanks for you help,
JP



More information about the thelist mailing list