[UPHPU] Secure PHP file serving.
William Attwood
wattwood at gmail.com
Tue Sep 22 15:41:28 MDT 2009
In Apache you can disable directory listing.
You can also have a password file on the folder.
thirdly, you can have an index.php file that loads an authentication
controller and prompts for a login when they attempt the directory, however,
this won't protect specific files.
The mix of #1 and #2, or #1 and #3 should suffice for you.
-Will
On Tue, Sep 22, 2009 at 3:40 PM, Andrew kain <despairfactor at gmail.com>wrote:
> Hello list, I am looking for the best way to serve secure sensitive files
> uploaded to a PHP server. I only want authenticated users to be able to
> view
> these files (jpg, pdf, etc). Usually anyone can view files uploaded to any
> directory. I'm guessing the best way would be to upload the files outside
> of
> the web root that way they are not directly accessable from the web server.
> My question is, what would be the next step? To authenticate the session
> and
> mod re-write to direct the user to the secured area? Can anyone with
> any experience with this please give some pointers? thank you much in
> advance.
>
> -bob
>
> _______________________________________________
>
> UPHPU mailing list
> UPHPU at uphpu.org
> http://uphpu.org/mailman/listinfo/uphpu
> IRC: #uphpu on irc.freenode.net
>
--
Take care,
William Attwood
Idea Extraordinaire
wattwood at gmail.com
Marie von Ebner-Eschenbach<http://www.brainyquote.com/quotes/authors/m/marie_von_ebnereschenbac.html>
- "Even a stopped clock is right twice a day."
More information about the UPHPU
mailing list