Protecting Folders

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

I have a data driven website. Part of the website is a downloads
section - all the downloads are help in a folder called "downloads".
When a general user (i.e. one that doesn't have a log in) uses the site
and access the downloads page they are given a list of general
downloads. When a member who has logged in uses the site, the same page
presents the general downloads and the member only downloads.

This all works fine.

A slight hole in this security, however, is that the downloads folder
is not protected. I have moved the member downloads into a subfolder
within downloads. How can I protect this so that only people who are
logged in can access it - so that general users cannot accidentally
browse it or make a direct link to the documents within it?

Hope this makes sense.

Any ideas?

Re: Protecting Folders wrote:

Quoted text here. Click to load it

It rather depends on what method you are using to log people in. Assuming
the use of Apache, I would probably look at using mod_perl to write an
AuthHandler for that directory. If you aren't using Perl already, then
another solution might suit you better.

David Dorward       < <
                     Home is where the ~/.bashrc is

Re: Protecting Folders

Many thanks.

user authetication is managed using PHP, cookies and username/password
information stored in a MySQL database...

Re: Protecting Folders wrote:

Quoted text here. Click to load it
The simplest solutions are sometimes the best. Instead of having the log-in
download folder as a sub folder, keep it separate and have it display as a
separate directory they've got access to. The other possiblity is to swap
the positions and make the general downloads folder a sub-folder of the
log-in that shows no higher directory access from it.
A fatal Operating Error Has Occurred and Windows must reboot. Your ships
atmosphere has been purged for your protection during this reboot.

Site Timeline