Directory security
This is a discussion on Directory security within the alt.comp.lang.php forums, part of the PHP Programming Forums category; I'm building a site on a 3rd party server which runs Unix, Apache, php and mySQL I have a ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
04-13-2006
|
|||
|
|||
Directory security
I'm building a site on a 3rd party server which runs Unix, Apache, php and
mySQL I have a number of sub directories containing only acrobat pdf files and some other directories with php files (but no index.htm) If I type the website url and then the path to my sub directories, I get a list of the directory contents. I have tried a htaccess file and can get the password box to appear and work fine, but my php page in another location on the site can't access the pdf files and display on screen unless I delete the htaccess file and password within the PDF directory. Should this work? Is there another way of hiding a directory except putting an index.htm in there. I would prefer not to have any thing else in the directory except the pdf files Is this an Apache issue or Unix Cheers Stephen 
|
|
04-14-2006
|
|||
|
|||
|
Re: Directory security
Put the folder with pdfs outside the web root folder
or use a strict .htaccess (deny all) and from the php scripts send the data to the client with the correct headers <?php $pathtofiles = '/path/to/folder/with/pdfs/'; $yourfile = 'yourfile.pdf'; $last_f = $pathtofiles . $yourfile; header('Content-Type: application /pdf; name="' . $yourfile . '"'); header('Content-Transfer-Encoding: binary' ); header('Content-Length: ' . filesize($last_f) ); header('Content-Disposition: attachment; filename=" . $yourfile . '"'); header("Connection: Close"); readfile($last_f); ?> Something like that could be used. to send the file after that you have authorized the person for the dowload or something else that you want to avoid direct linking to the file. I hope that it's what you need Regards. -- Leonardo Armando Iarrusso - J2Be www: http://www.J2be.com - e-mail: info[at]J2Be.com
|
|
04-14-2006
|
|||
|
|||
|
Re: Directory security
Excellent, cheers
"J2be" <info@nospamj2be.com> wrote in message news:443efcab$0$36922$4fafbaef@reader3.news.tin.it ... > Put the folder with pdfs outside the web root folder > or use a strict .htaccess (deny all) > and from the php scripts send the data to the client > with the correct headers > > <?php > $pathtofiles = '/path/to/folder/with/pdfs/'; > $yourfile = 'yourfile.pdf'; > $last_f = $pathtofiles . $yourfile; > header('Content-Type: application /pdf; name="' . $yourfile . '"'); > header('Content-Transfer-Encoding: binary' ); > header('Content-Length: ' . filesize($last_f) ); > header('Content-Disposition: attachment; filename=" . $yourfile . '"'); > header("Connection: Close"); > readfile($last_f); > > ?> > > Something like that could be used. to send the file after that you have > authorized > the person for the dowload or something else that you want to avoid direct > linking to the file. > > I hope that it's what you need > > Regards. > > > > > -- > Leonardo Armando Iarrusso - J2Be > www: http://www.J2be.com - e-mail: info[at]J2Be.com > >
|
 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT +1. The time now is 08:37 AM.
