how to secure documents in server

Hello, Can anyone suggest me solution?

I Need to manage different types of documents (doc,xls,ppt etc) in
server. I have folder structure to maintain these documents in server.

Say folder1 is having all doc files; folder2 is having all xls files
and so on.


Now these documents should not be able to get access through the url
by directly typing path.
E-g if I try to access directly www.mywebsite.com/folder1/xyz.doc it
will open the document in browser itself.
At the same time these documents should be access only through our
website once they are login. But without login also if you know the
path you can get these documents how should I avoid it?

How can I provide security to these documents in server?

On Jul 18, 11:05 am, RAZZ <rajat82.gu...@gmail.com> wrote:
> Hello, Can anyone suggest me solution?
>
> I Need to manage different types of documents (doc,xls,ppt etc) in
> server. I have folder structure to maintain these documents in server.
>
> Say folder1 is having all doc files; folder2 is having all xls files
> and so on.
>
> Now these documents should not be able to get access through the url
> by directly typing path.
> E-g if I try to access directlywww.mywebsite.com/folder1/xyz.docit
> will open the document in browser itself.
> At the same time these documents should be access only through our
> website once they are login. But without login also if you know the
> path you can get these documents how should I avoid it?
>
> How can I provide security to these documents in server?

Depending on webserver your should look at .htacceess for Apache or
httpd.ini for IIS...

On Jul 18, 3:08*pm, GArlington <garling...@tiscali.co.uk> wrote:
> On Jul 18, 11:05 am, RAZZ <rajat82.gu...@gmail.com> wrote:
>
>
>
> > Hello, Can anyone suggest me solution?
>
> > I Need to manage different types of documents (doc,xls,ppt etc) in
> > server. I have folder structure to maintain these documents in server.
>
> > Say folder1 is having all doc files; folder2 is having all xls files
> > and so on.
>
> > Now these documents should not be able to get access through the url
> > by directly typing path.
> > E-g if I try to access directlywww.mywebsite.com/folder1/xyz.docit
> > will open the document in browser itself.
> > At the same time these documents should be access only through our
> > website once they are login. But without login also if you know the
> > path you can get these documents how should I avoid it?
>
> > How can I provide security to these documents in server?
>
> Depending on webserver your should look at .htacceess for Apache or
> httpd.ini for IIS...

well we are using yahoo server and it doesn't allow .htaccess to
upload or manipulate by developers
so is there any other way? i just want that doc or xls files should
not be able to open directly unless person has properly login.

On 18 Jul, 11:14, RAJ <rajat82.gu...@gmail.com> wrote:
> On Jul 18, 3:08*pm, GArlington <garling...@tiscali.co.uk> wrote:
>
>
>
>
>
> > On Jul 18, 11:05 am, RAZZ <rajat82.gu...@gmail.com> wrote:
>
> > > Hello, Can anyone suggest me solution?
>
> > > I Need to manage different types of documents (doc,xls,ppt etc) in
> > > server. I have folder structure to maintain these documents in server..
>
> > > Say folder1 is having all doc files; folder2 is having all xls files
> > > and so on.
>
> > > Now these documents should not be able to get access through the url
> > > by directly typing path.
> > > E-g if I try to access directlywww.mywebsite.com/folder1/xyz.docit
> > > will open the document in browser itself.
> > > At the same time these documents should be access only through our
> > > website once they are login. But without login also if you know the
> > > path you can get these documents how should I avoid it?
>
> > > How can I provide security to these documents in server?
>
> > Depending on webserver your should look at .htacceess for Apache or
> > httpd.ini for IIS...
>
> well we are using yahoo server and it doesn't allow .htaccess to
> upload or manipulate by developers
> so is there any other way? i just want that doc or xls files should
> not be able to open directly unless person has properly login.- Hide quoted text -
>
> - Show quoted text -

You're not going to be able to do much on yahoo server I'm afraid. The
most common way to do this is to store the files outside of the web
root and use a php script to deliver the file.

I suggest you change hosts. There are much better value ones out there.

> You're not going to be able to do much on yahoo server I'm afraid. The
> most common way to do this is to store the files outside of the web
> root and use a php script to deliver the file.
>
> I suggest you change hosts. There are much better value ones out there.

thank you for response can you suggest me bit in details regarding
"storing files outside of the web root and use a php script to deliver
the file"?

On 18 Jul, 11:36, RAZZ <rajat82.gu...@gmail.com> wrote:
> > You're not going to be able to do much on yahoo server I'm afraid. The
> > most common way to do this is to store the files outside of the web
> > root and use a php script to deliver the file.
>
> > I suggest you change hosts. There are much better value ones out there.
>
> thank you for response can you suggest me bit in details regarding
> "storing files outside of the web root and use a php script to deliver
> the file"?

Actually another way to do it is to store the files in a BLOB field in
a database and delivering them from there. Here is a tutorial for that
and you could adapt it for the file system version:
http://www.php-mysql-tutorial.com/php-mysql-upload.php

On Jul 18, 3:50*pm, Captain Paralytic <paul_laut...@yahoo.com> wrote:
> On 18 Jul, 11:36, RAZZ <rajat82.gu...@gmail.com> wrote:
>
> > > You're not going to be able to do much on yahoo server I'm afraid. The
> > > most common way to do this is to store the files outside of the web
> > > root and use a php script to deliver the file.
>
> > > I suggest you change hosts. There are much better value ones out there.
>
> > thank you for response can you suggest me bit in details regarding
> > "storing files outside of the web root and use a php script to deliver
> > the file"?
>
> Actually another way to do it is to store the files in a BLOB field in
> a database and delivering them from there. Here is a tutorial for that
> and you could adapt it for the file system version:http://www.php-mysql-tutorial.com/php-mysql-upload.php

That was really very good option but i have documents or doc files
which contains images and tables while downloading text are fine but
images and tables are coming in some encrypted format?

On 18 Jul, 12:31, RAZZ <rajat82.gu...@gmail.com> wrote:
> On Jul 18, 3:50*pm, Captain Paralytic <paul_laut...@yahoo.com> wrote:
>
> > On 18 Jul, 11:36, RAZZ <rajat82.gu...@gmail.com> wrote:
>
> > > > You're not going to be able to do much on yahoo server I'm afraid. The
> > > > most common way to do this is to store the files outside of the web
> > > > root and use a php script to deliver the file.
>
> > > > I suggest you change hosts. There are much better value ones out there.
>
> > > thank you for response can you suggest me bit in details regarding
> > > "storing files outside of the web root and use a php script to deliver
> > > the file"?
>
> > Actually another way to do it is to store the files in a BLOB field in
> > a database and delivering them from there. Here is a tutorial for that
> > and you could adapt it for the file system version:http://www.php-mysql-tutorial.com/php-mysql-upload.php
>
> That was really very good option but i have documents or doc files
> which contains images and tables while downloading *text are fine but
> images and tables are coming in some encrypted format?

I don't understand??? What difference does it make what the document
contains? A binary file is a binary file is a binary file! It can
contain anything whatsoever???

RAZZ schrieb:
> Hello, Can anyone suggest me solution?
>
> I Need to manage different types of documents (doc,xls,ppt etc) in
> server. I have folder structure to maintain these documents in server.
>
> Say folder1 is having all doc files; folder2 is having all xls files
> and so on.
>
>
> Now these documents should not be able to get access through the url
> by directly typing path.
> E-g if I try to access directly www.mywebsite.com/folder1/xyz.doc it
> will open the document in browser itself.
> At the same time these documents should be access only through our
> website once they are login. But without login also if you know the
> path you can get these documents how should I avoid it?
>
> How can I provide security to these documents in server?

a) Set the directory to 0600
b) Send the files via a php script, which test the login before.
Like this:
// Check Login
// Send pdf as example:
header('Content-type: application/pdf');
// If it is an download:
header('Content-Disposition: attachment; filename="downloaded.pdf"');
// And fire the file
readfile('original.pdf');
//end

RAZZ wrote:
> Hello, Can anyone suggest me solution?
>
> I Need to manage different types of documents (doc,xls,ppt etc) in
> server. I have folder structure to maintain these documents in server.
>
> Say folder1 is having all doc files; folder2 is having all xls files
> and so on.
>
>
> Now these documents should not be able to get access through the url
> by directly typing path.
> E-g if I try to access directly www.mywebsite.com/folder1/xyz.doc it
> will open the document in browser itself.
> At the same time these documents should be access only through our
> website once they are login. But without login also if you know the
> path you can get these documents how should I avoid it?
>
> How can I provide security to these documents in server?

Pur ALL thes documents as large BLOB objects in a database: thats one
easy place to store them and one access methodd needed to restrict
access to what you want.