This is a discussion on Protecting Folders within the Linux Security forums, part of the System Security and Security Related category.

I have a data driven website. Part of the website is a downloads section - all the downloads are held in a folder called "downloads". When a general user (i.e. one that doesn't have a log in) uses the site and accesses the downloads page they are given a list of general downloads. When a member who has logged in uses the site, the same page presents the general downloads and the member only downloads.

This all works fine.

A slight hole in this security, however, is that the downloads folder is not protected. I have moved the member downloads into a subfolder within downloads. How can I protect this so that only people who are logged in can access it - so that general users cannot accidentally browse it or make a direct link to the documents within it?

Hope this makes sense.

Any ideas?

StevePBurgess@gmail.com wrote:
> I have a data driven website.

> A slight hole in this security, however, is that the downloads folder
> is not protected. I have moved the member downloads into a subfolder
> within downloads. How can I protect this so that only people who are
> logged in can access it

It rather depends on what method you are using to log people in.

Assuming the use of Apache, I would probably look at using mod_perl to write an AuthHandler for that directory. If you aren't using Perl already, then another solution might suit you better.

-- 
David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/>
Home is where the ~/.bashrc is

StevePBurgess@gmail.com wrote:
> I have a data driven website. Part of the website is a downloads
> section - all the downloads are held in a folder called "downloads".
> When a general user (i.e. one that doesn't have a log in) uses the site
> and accesses the downloads page they are given a list of general
> downloads. When a member who has logged in uses the site, the same page
> presents the general downloads and the member only downloads.
>
> This all works fine.
>
> A slight hole in this security, however, is that the downloads folder
> is not protected. I have moved the member downloads into a subfolder
> within downloads. How can I protect this so that only people who are
> logged in can access it - so that general users cannot accidentally
> browse it or make a direct link to the documents within it?
>
> Hope this makes sense.
>
> Any ideas?
>

The simplest solutions are sometimes the best. Instead of having the log-in download folder as a sub folder, keep it separate and have it display as a separate directory they've got access to.

The other possibility is to swap the positions and make the general downloads folder a sub-folder of the log-in that shows no higher directory access from it.

-- 
A fatal Operating Error Has Occurred and Windows must reboot. Your ship's atmosphere has been purged for your protection during this reboot.
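
One way to close the direct-link hole the thread describes, as an added example that is not code from any poster: the member files live in a directory outside the web server's document root, and every download request passes through a check like this before a file is sent. The function names, the `logged_in` session key and the file names are assumptions made for illustration; the session dict stands in for whatever the site's own login code produces.

```python
import os
import tempfile

class DownloadDenied(Exception):
    """Request must not be served; .status is an HTTP-style code."""
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status

def resolve_member_download(session, requested, members_dir):
    """Return the real path of a member-only file or raise DownloadDenied."""
    # session: dict from the site's own login code (assumed shape).
    # requested: untrusted file name taken from the URL.
    # Check the login on every download request, not only when the
    # downloads page decides which links to list.
    if not session or not session.get("logged_in"):
        raise DownloadDenied(403, "login required")
    # Resolve ".." and symlinks before comparing, so a request cannot
    # climb out of members_dir.
    base = os.path.realpath(members_dir)
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        raise DownloadDenied(403, "path escapes members directory")
    # Serve regular files only; the directory itself is never listed.
    if not os.path.isfile(target):
        raise DownloadDenied(404, "no such download")
    return target

def demo():
    """Run four constructed requests and return their status codes."""
    member, guest = {"logged_in": True}, {}
    requests = [(guest, "handbook.pdf"), (member, "handbook.pdf"),
                (member, "../secret.txt"), (member, "missing.pdf")]
    statuses = []
    with tempfile.TemporaryDirectory() as root:
        members_dir = os.path.join(root, "members")
        os.mkdir(members_dir)
        for path in (os.path.join(members_dir, "handbook.pdf"),
                     os.path.join(root, "secret.txt")):
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        for session, name in requests:
            try:
                resolve_member_download(session, name, members_dir)
                statuses.append(200)
            except DownloadDenied as denied:
                statuses.append(denied.status)
    return statuses
```

The downloads page can keep listing member files for logged-in users; the links point at the script that calls this check rather than at the files themselves.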