Storing files

thoand

Hi,
is this a good solution for storing files on my web server as secure as posible.

//After all the login checking has been done:
//get the requested file

header("Content-type: application/pdf");
// It will be called downloaded.pdf
header("Content-Disposition: attachment; filename=lastned.zip");
// The PDF source is in doc.pdf
readfile('/home/stuff/doc.pdf');

the directory is outside my public web catalog

eg.

here I store the documents:.
/home/stuff/doc.pdf

this is the public directory:
/home/myserver/www/download_page.php

Have tried this and it worked OK, in IE 6.0 and IE5 (Mac) + Netscape

But the question is, is this a good idea to store the documents some levels up on the server.

As I see it, the directory would be hard to find for people figuring out where the directory is/try to access other files.

Does anyone have comments or better a solution to share?

best regards Thomas

pharcyde0

As long as the directory is out of your www document root you'll be ok.