473,387 Members | 1,470 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > how to protect clips files by php, apache, mysql, sessions

Join Bytes to post your question to a community of 473,387 software developers and data experts.

how to protect clips files by php, apache, mysql, sessions

I have a members area full of video clips.
Clips are inside /hide/videoclips/ and /hide is apache protected directory
by .htaccess
Users can enter by a login.php (entering user and password) managed by
php, sessions and mysql.
When they enter I create a symbolic temp link pointing to
/private/videoclips so they can download the clips.
By the crontab I clean the temp link every now and then.
So if someone post the link http://www.mydomain.com/hide/clip1.mpg on a
forum, nobody can enter thanks to the apache login.
Is this the best secure way to organize a members area or is there a best
more secure way to create it?

Jul 17 '05 #1
5 2815
On 2005-05-05, fr*********@nospam.com <fr*********@nospam.com> wrote:
I have a members area full of video clips.
Clips are inside /hide/videoclips/ and /hide is apache protected directory
by .htaccess
Users can enter by a login.php (entering user and password) managed by
php, sessions and mysql.
When they enter I create a symbolic temp link pointing to
/private/videoclips so they can download the clips.
By the crontab I clean the temp link every now and then.
So if someone post the link http://www.mydomain.com/hide/clip1.mpg on a
forum, nobody can enter thanks to the apache login.
Is this the best secure way to organize a members area or is there a best
more secure way to create it?


I'm using apache's own authorization mechanism for restricting access to
some files. I believe this is easier and safer than your solution.

--
Med venlig hilsen
- Jacob Atzen
Jul 17 '05 #2
>I'm using apache's own authorization mechanism for restricting access to
some files. I believe this is easier and safer than your solution.

But you need to edit a file each new sign up or cancel then connect to
your site, make an ftp,....
I have paypal and by its IPN my php script add and cancel users while I
sleep.
Furthermore if someone post a username and password in a forum are you
able to discover the problem?
I have a db with ip and state of the user so if I receive many login from
different states I can lock it, and you?


Jul 17 '05 #3
On 2005-05-05, fr*********@nospam.com <fr*********@nospam.com> wrote:
I'm using apache's own authorization mechanism for restricting access to
some files. I believe this is easier and safer than your solution.

But you need to edit a file each new sign up or cancel then connect to
your site, make an ftp,....
I have paypal and by its IPN my php script add and cancel users while I
sleep.
Furthermore if someone post a username and password in a forum are you
able to discover the problem?
I have a db with ip and state of the user so if I receive many login from
different states I can lock it, and you?


You can update the apache login information from your php script. The
sharing of passwords is the same problem one way or the other.

--
Cheers,
- Jacob Atzen
Jul 17 '05 #4
>ou can update the apache login information from your php script. The
sharing of passwords is the same problem one way or the other.

Jacob: I want a db because I want to know date of last access (sometimes
someone say he can't login), where he is from, ip, ...
I can stop the sharing password problem after 5 unahautorized access and
you can't.
Jul 17 '05 #5
fr*********@yahoo.com wrote:
ou can update the apache login information from your php script. The
sharing of passwords is the same problem one way or the other.


Jacob: I want a db because I want to know date of last access (sometimes
someone say he can't login), where he is from, ip, ...
I can stop the sharing password problem after 5 unahautorized access and
you can't.


For a start, check out http://sourceforge.net/projects/modauthmysql/.
It allows you to use a MySQL database with Apache authorization.

Won't give you the other stuff you want, however.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Jul 17 '05 #6
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
High Performance and High Avalaibility platform on Linux/Php/Apache/mySql
by: Andrea A | last post by:
Hi, i'm setting up a website with a forecast traffic of 70.000 sessions and 1.000.000 pageviews a day. I'm in trouble about the short budget I have (about 10K $) and the big traffic and so the...
PHP
2
Protect local Mysql DB access
by: Flier_75 | last post by:
Hi, I just password-protected an intranet site by including a password authentication script in each page of a private section. The script checks the login against the mySQL database....
PHP
4
Saving two mysql tables as csv files
by: Jan Nordgreen | last post by:
The following code only generates the first csv file. The second request is just ignored. What am I doing wrong? I am using Mozilla Firefox, Windows XP, and Xampp. <?php require...
PHP
4
My AMP application does not know the mysql data files reside on the same linux server
by: MLH | last post by:
A programmer developed an AMP (Apache/MySQL/PHP) application for me. When he was done, he sent me the PHP files and the MySQL dump file. Now, when I connect to the application on my LAN using...
MySQL Database
11
Any way to protect your data files from root?
by: siliconmike | last post by:
Is there a way to protect data files from access by root ? I have a data-centered website and would like to protect data piracy from any foot-loose hosting company employee. Any ideas? ...
MySQL Database
3
PostgreeSQL C header files
by: Christian Kienle | last post by:
Hello, at the moment I try to write a little CGI library written in C++. I want offer a PostgreeSQL interface for all the user of my CGI library. Is there any book or a good documentation how I...
PostgreSQL Database
12
How to publish HD video on Web and protect it?
by: Pallas | last post by:
Hi all, I've produced some high-def videos and I want people to be able to watch them on my website, but I may want to prevent downloads and I certainly want to prevent them from editing them....
HTML / CSS
3
Protect files (on web server) from web admin
by: ManWithNoName | last post by:
Hi guys. I’m still occupied with school, however, I can’t quite help thinking about a part of my project that I’m very curious about. I want to protect files and folders on the web server, so...
PHP
0
Re: How to protect website from access without authentication?
by: Shawn Milochik | last post by:
This isn't really a Python question -- it's a Web development question. The easy answer is to just password protect the directory all the pages are stored in, and require a password. This can be...
Python
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!