By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
438,868 Members | 1,974 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 438,868 IT Pros & Developers. It's quick & easy.

BIG security problem downloading files....

P: n/a
Mel
on my web site you will have to login to see downloads etc.
However once the user logs in the file url is exposed and the end user can
bookmark the downloadable file and pass it on to others

is there a way to avoid this ?

thanks
Jul 20 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
Mel wrote:
on my web site you will have to login to see downloads etc.
However once the user logs in the file url is exposed and the end user can
bookmark the downloadable file and pass it on to others

is there a way to avoid this ?


Yes.

Do you run your own server?
What server is it?

On my church site [1] I have a load of member-only pages. I use PHP
authentication [2], with each protected page checking the authentication
and backing out if not authorized. This means I don't need to set
cookies on the users' machines.

Documents are done with a PHP script that checks authorization: if OK,
it sends the appropriate headers then reads the document contents from a
separate directory that isn't part of the website directory structure.

[1] http://billericaybaptist.net/
[2] http://www.php.net/manual/en/features.http-auth.php

--
Mark.
Jul 20 '05 #2

P: n/a
Mel wrote in
<c8**********@s0b1a68.ssa.gov>
on my web site you will have to login to see downloads etc.
However once the user logs in the file url is exposed and the end
user can bookmark the downloadable file and pass it on to others

is there a way to avoid this ?


..htaccess password protection will stop access to the files by anyone who
isn't authorised - whether they know the URL or not.

--
PeterMcC
If you feel that any of the above is incorrect,
inappropriate or offensive in any way,
please ignore it and accept my apologies.

Jul 20 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.