limiting files to SCRIPT ACCESS only

hammerslane

hey, i'm still very much on 'newbie' status here, so bear with me... (i wasn't sure whether this should have gone in newbies, but the question is windows specific)

i understand that on a linux platform, there is a program called HTACCESS which can limit access to files when a user types in the direct url of the file, but obviously; the file is still available to a php script which will retrieve it and send it in an email (that's a different story though..)

in your opinion, what is the best way (on a windows server) to limit access to these files, but only to the imediate browser?

thanks... 🙂

l8rz

Natty_Dreadlock

if u use apache, of course u can use .htaccess files, too (they r not a program but configuration files). if u use iis, i think u gotta modify the access rights of the directory or file u wanna protect in its properties dialogue. i don't really know what it looks like, but i think u should remove permissions for all users and only give the account under which the webserver is running the appropriate access rights. not very precise, i know, but since i do not own windows 2000 or xp or so, i just can give u some hints where to start.
hth

zigma

I have been thinking about the same thing.

I have been trying to figure out a way to admin access control through web interface (with database backend) instead of going through file permission.

One way that I can think of is using session (include in all file header) to keep track registered user login and force all download link to php download script.

The problem with this is, if they know the physical file location they can still go to the web address directly bypassing the session.

The session technique mentions above only protect php scripts. It may need quite some effort to maintain files download through php download/redirection script on a whole site.

Is there a good way to set up a restriction to a folder (and its childs) to allow access only to registered user in database.
I'm talking about direct file access (such as *.zip file).

It seems to me that .htaccess would be my best bet. Anyone have know a good tutorial for using .htaccess for Apache windows?

stolzyboy

to get away from the navigating to the file to download it, you can put the files outside of the webroot, but then with your download script, you can have your php script call the file