468,470 Members | 1,902 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,470 developers. It's quick & easy.

Hiding files from public access but viewable within domain

116 64KB
Hi

Not sure if this is the right place for this question so feel free to move it :)

I am building a system in PHP whereby PDF/XML files are uploaded to a remote server. These files should not be able to be publicly viewed (imagine this is a CHMOD issue).

However I need these files to show in an iframe or div within a PHP page on the same server.

I know I can put the files behind the public_html folder which is great but then how do I get the page on the domain to show the file in the iframe/div?

Thanks
Jun 6 '14 #1
8 5289
Dormilich
8,651 Expert Mod 8TB
However I need these files to show in an iframe or div within a PHP page on the same server.
that statement doesnít make sense (at least to me).

for viewing something in a HTML page (an iframe ainít different from that) you need a client. the client is always on another machine (with localhost being the sole exception) Ö
Jun 7 '14 #2
Use .htaccess, give acces to local ip address, deny access from other IP address.
Jun 9 '14 #3
robertybob
116 64KB
Thx for the replies and sorry for the late response.

@Dormilich - I understand that an iframe etc is still an html page in itself and that is the source of the problem - ie, the page must be able to be read to be shown in the iframe but not be publicly accessible...

@meditation - I'll give this a go and let you know shortly.

All the best to you both
Jun 11 '14 #4
Dormilich
8,651 Expert Mod 8TB
the page must be able to be read to be shown in the iframe but not be publicly accessible
impossible. an iframe is nothing more than a browser window inside a browser window, so the same rules as a "regular" browser window apply regarding resources.

another interpretation were that the data should be public, but not as a bare HTML page you could call. this calls for loading this content via AJAX i.e. you fetch the data (not the HTML representation of the data) from the server and make JS render/insert it into the current page. that could be an iframe, although that would be the most laborious way to render the data (since you need to create a complete page instead of just an HTML chunk)

These files should not be able to be publicly viewed (imagine this is a CHMOD issue).
why is that a CHMOD issue? one is about HTTP and the other about the filesystem.

nevertheless, if the PDFs/XMLs are available in your page, I don’t see why it shouldn’t be possible to extract them from there (unless you don’t serve it as PDF/XML but as HTML representation thereof).
Jun 11 '14 #5
robertybob
116 64KB
OK Thanks.

Since no-one has suggested using the CHMOD on the folder containing the files I guess I'm looking at reading the PDF content into the page from a file location behind the public root.

I'll see how I get on with that.

@meditation - I think this would have worked but unfortunately the office does not have a static IP so is not feasible.
Jun 13 '14 #6
Dormilich
8,651 Expert Mod 8TB
Since no-one has suggested using the CHMOD on the folder containing the files
since CHMOD modifies the filesystem permission on the computer, it would make no difference who is accessing the resource from outside. it’s more like you either have access or not no matter who you are.

I guess I'm looking at reading the PDF content into the page
but you still need to tell the script whether the user viewing the page has the right to get that document served (e.g. via login).
Jun 13 '14 #7
Copy the content in temporary file and show the temporary file, delete it after sometime.
Jun 16 '14 #8
Dormilich
8,651 Expert Mod 8TB
that would still make it accessible from everywhere, though for a limited time.
Jun 16 '14 #9

Post your reply

Sign in to post your reply or Sign up for a free account.

Similar topics

1 post views Thread by Hank Reed | last post: by
2 posts views Thread by 2good2b | last post: by
1 post views Thread by heiro | last post: by
reply views Thread by NPC403 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.