httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: [users@httpd] Hide the URL when Downloading a File
Date Sun, 27 Oct 2002 01:36:54 GMT
Saqib.N.Ali@seagate.com wrote:

> Hi Joshua,
> Even if you hide the file in a area that is not accessible by WWW, the 
> file
> can be easily accessed by using the PHP file. People will just copy 
> the PHP
> file URL, and access the file like that. They don't need to know the exact
> location to get the file. They will just use the PHP file to get the PDF.


No.  Mary says that she has access control in the PHP.  What I showed 
was a way to use the PHP access control to protect the pdf file, which 
is exactly what she asked for.

>
>
> One of the way to fix this problem, is to use mod_rewrite and HTTP_REFERER
> var.


That is very easy for the client to get around simply by faking the Referer.

Joshua.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message