I have a members area full of video clips.
Clips are inside /hide/videoclips/ and /hide is apache protected directory
by .htaccess
Users can enter by a login.php (entering user and password) managed by
php, sessions and mysql.
When they enter I create a symbolic temp link pointing to
/private/videoclips so they can download the clips.
By the crontab I clean the temp link every now and then.
So if someone post the link http://www.mydomain.com/hide/clip1.mpg on a
forum, nobody can enter thanks to the apache login.
Is this the best secure way to organize a members area or is there a best
more secure way to create it?