Hello,
I am currently about to make a system which enables users to access pdf and doc files from the server. However, the files that can be accessed vary per user. So it could happen that user A can access files f1, f2 and f3, while user B can only access f3 and user C can access f5 and f6.
I could of course put all the files in the same folder and then have a script which checks the username and compares it to a list of allowed files for that user. The problem with that is that a user could simply bypass the script by typing the direct URL to a file in the address bar. This way he would still be able to access all the files. This could be prevented with htaccess in the folder, but that would mean that I have to make subfolders with different htaccess for each user... lots of work PLUS the user would have to log in twice...
So I was thinking databases... Maybe it could be wise to store all the documents in a database and then when a user requests a .doc or .pdf, just let a script generate the file from the database. Security-wise this would be safer... I think (?)...
Any more ideas or better ideas??
Thanks in advance
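The per-user check the post describes, as an added example that is not part of the original post: the files sit in a directory the web server maps to no URL, so the only way to reach one is a download script that consults the user's list first. The ACL contents, the function names and the use of Python are assumptions; a real script would take the user name from the existing login session.

```python
import os
import tempfile

# Constructed ACL mirroring the post's scenario: user -> file names they may read.
ACL = {
    "userA": {"f1.pdf", "f2.pdf", "f3.doc"},
    "userB": {"f3.doc"},
    "userC": {"f5.pdf", "f6.doc"},
}

class AccessDenied(Exception):
    pass

def resolve_for_user(user, requested, store_dir, acl=ACL):
    """Return the real path of `requested` if `user` may read it, else raise."""
    # Accept a bare file name only; anything carrying a path component is refused.
    name = os.path.basename(requested)
    if name != requested or name in ("", ".", ".."):
        raise AccessDenied("invalid file name")
    if name not in acl.get(user, set()):
        raise AccessDenied("not on this user's list")
    store = os.path.realpath(store_dir)
    path = os.path.realpath(os.path.join(store, name))
    # Defence in depth: a symlink inside the store must not lead outside it.
    if os.path.commonpath([store, path]) != store:
        raise AccessDenied("resolves outside the store")
    if not os.path.isfile(path):
        raise AccessDenied("no such file")
    return path

def serve(user, requested, store_dir):
    """Return (status, body) as the download script would send it."""
    try:
        with open(resolve_for_user(user, requested, store_dir), "rb") as fh:
            return 200, fh.read()
    except AccessDenied:
        # Same answer for "denied" and "missing", so file names cannot be probed.
        return 404, b""

def demo():
    # The store is a private temp directory here; in production it lives
    # outside the document root, so no direct URL points at it.
    with tempfile.TemporaryDirectory() as store:
        for name in ("f1.pdf", "f3.doc", "f5.pdf"):
            with open(os.path.join(store, name), "wb") as fh:
                fh.write(b"content of " + name.encode())
        cases = [("userA", "f1.pdf"), ("userB", "f1.pdf"),
                 ("userB", "f3.doc"), ("userC", "../f3.doc")]
        return [serve(user, name, store)[0] for user, name in cases]
```
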
File access based on permissions