
how to protect clips files by php, apache, mysql, sessions

I have a members area full of video clips.
Clips are inside /hide/videoclips/ and /hide is an Apache-protected directory
(by .htaccess).
Users can enter through a login.php (entering user and password) managed by
PHP, sessions and MySQL.
When they enter I create a temporary symbolic link pointing to
/private/videoclips so they can download the clips.
Via crontab I clean up the temp link every now and then.
So if someone posts the link http://www.mydomain.com/hide/clip1.mpg on a
forum, nobody can enter thanks to the Apache login.
Is this the most secure way to organize a members area, or is there a better,
more secure way to create it?

Jul 17 '05 #1


On 2005-05-05, fr*********@nospam.com <fr*********@nospam.com> wrote:
> I have a members area full of video clips.
> Clips are inside /hide/videoclips/ and /hide is an Apache-protected directory
> (by .htaccess).
> Users can enter through a login.php (entering user and password) managed by
> PHP, sessions and MySQL.
> When they enter I create a temporary symbolic link pointing to
> /private/videoclips so they can download the clips.
> Via crontab I clean up the temp link every now and then.
> So if someone posts the link http://www.mydomain.com/hide/clip1.mpg on a
> forum, nobody can enter thanks to the Apache login.
> Is this the most secure way to organize a members area, or is there a better,
> more secure way to create it?


I'm using apache's own authorization mechanism for restricting access to
some files. I believe this is easier and safer than your solution.

--
Kind regards
- Jacob Atzen
Jul 17 '05 #2

> I'm using apache's own authorization mechanism for restricting access to
> some files. I believe this is easier and safer than your solution.

But you need to edit a file for each new sign-up or cancellation, then connect to
your site, make an ftp,....
I have PayPal, and through its IPN my PHP script adds and cancels users while I
sleep.
Furthermore, if someone posts a username and password in a forum, are you
able to discover the problem?
I have a db with the IP and state of the user, so if I receive many logins from
different states I can lock it, and you?


Jul 17 '05 #3

On 2005-05-05, fr*********@nospam.com <fr*********@nospam.com> wrote:
>> I'm using apache's own authorization mechanism for restricting access to
>> some files. I believe this is easier and safer than your solution.
>
> But you need to edit a file for each new sign-up or cancellation, then connect to
> your site, make an ftp,....
> I have PayPal, and through its IPN my PHP script adds and cancels users while I
> sleep.
> Furthermore, if someone posts a username and password in a forum, are you
> able to discover the problem?
> I have a db with the IP and state of the user, so if I receive many logins from
> different states I can lock it, and you?


You can update the apache login information from your php script. The
sharing of passwords is the same problem one way or the other.

--
Cheers,
- Jacob Atzen
Jul 17 '05 #4

> You can update the apache login information from your php script. The
> sharing of passwords is the same problem one way or the other.

Jacob: I want a db because I want to know the date of last access (sometimes
someone says he can't log in), where he is from, IP, ...
I can stop the password-sharing problem after 5 unauthorized accesses and
you can't.
Jul 17 '05 #5
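
The check described in posts #3 and #5 (lock an account when its logins arrive from many different states), as an added example that is not code from the thread. The function name `accountsToLock`, the row layout, the threshold of 3 states and the 24-hour window are all assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Return the users whose logins came from more than $maxStates distinct
 * states inside any window of $windowSecs seconds.
 * Both limits are assumed values, not figures from the thread.
 *
 * @param array<int, array{user: string, ip: string, state: string, ts: int}> $logins
 * @return string[] usernames to lock, sorted
 */
function accountsToLock(array $logins, int $maxStates = 3, int $windowSecs = 86400): array
{
    $byUser = [];
    foreach ($logins as $e) {
        $byUser[$e['user']][] = $e;            // group login rows per account
    }
    $lock = [];
    foreach ($byUser as $user => $events) {
        usort($events, fn(array $a, array $b): int => $a['ts'] <=> $b['ts']);
        $start = 0;
        foreach ($events as $end => $event) {
            // Slide the left edge until the window spans at most $windowSecs.
            while ($event['ts'] - $events[$start]['ts'] > $windowSecs) {
                $start++;
            }
            $window = array_slice($events, $start, $end - $start + 1);
            $states = array_unique(array_column($window, 'state'));
            if (count($states) > $maxStates) {
                $lock[] = (string) $user;
                break;
            }
        }
    }
    sort($lock);
    return $lock;
}

// Constructed sample rows shaped like a login table; IPs are documentation ranges.
$sample = [
    ['user' => 'alice', 'ip' => '192.0.2.10',   'state' => 'NY', 'ts' => 1000],
    ['user' => 'alice', 'ip' => '192.0.2.77',   'state' => 'NY', 'ts' => 5000],
    ['user' => 'bob',   'ip' => '198.51.100.4', 'state' => 'TX', 'ts' => 1000],
    ['user' => 'bob',   'ip' => '203.0.113.9',  'state' => 'CA', 'ts' => 4600],
    ['user' => 'bob',   'ip' => '192.0.2.200',  'state' => 'FL', 'ts' => 8200],
    ['user' => 'bob',   'ip' => '198.51.100.8', 'state' => 'WA', 'ts' => 9000],
    ['user' => 'carol', 'ip' => '203.0.113.5',  'state' => 'OH', 'ts' => 1000],
    ['user' => 'carol', 'ip' => '203.0.113.6',  'state' => 'PA', 'ts' => 700000],
];
print_r(accountsToLock($sample));
```

In a setup like the poster's, the rows would come from the MySQL login table and the returned names would be marked as locked before the next session is granted.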

fr*********@yahoo.com wrote:
>> You can update the apache login information from your php script. The
>> sharing of passwords is the same problem one way or the other.
>
> Jacob: I want a db because I want to know the date of last access (sometimes
> someone says he can't log in), where he is from, IP, ...
> I can stop the password-sharing problem after 5 unauthorized accesses and
> you can't.


For a start, check out http://sourceforge.net/projects/modauthmysql/.
It allows you to use a MySQL database with Apache authorization.

Won't give you the other stuff you want, however.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Jul 17 '05 #6
