URL Security

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

johnworf
Forum Commoner
Posts: 28
Joined: Fri Nov 02, 2007 1:02 pm

Re: URL Security

Post by johnworf »

This might help...

I haven't checked it out, but I need to implement something like this soon...

http://www.ngcoders.com/php/selling-dig ... pn-and-php
rashmisharma
Forum Newbie
Posts: 11
Joined: Wed Feb 18, 2009 4:27 am

Re: URL Security

Post by rashmisharma »

A big thanks to all of you.
Now I am able to do what I want. But there is still a problem: if I type the direct path in the URL, then anyone is able to download the file. No .htaccess helps me out.
Apollo
Forum Regular
Posts: 794
Joined: Wed Apr 30, 2008 2:34 am

Re: URL Security

Post by Apollo »

What is the direct path, and exactly what is inside your .htaccess file?
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: URL Security

Post by kaisellgren »

rashmisharma wrote: A big thanks to all of you.
Now I am able to do what I want. But there is still a problem: if I type the direct path in the URL, then anyone is able to download the file. No .htaccess helps me out.

How about you actually put the file outside the document root and let PHP handle the download?
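
One way to do what this reply suggests, as an added example that is not part of the original thread: the files live in a directory the web server cannot reach by URL, and a PHP script checks authorization before streaming them. The directory path, the `file` query parameter and the `may_download` session flag are assumptions made for the example.

```php
<?php
// Added example. Assumed layout (hypothetical paths):
//   /var/www/html/download.php    <- this script, inside the document root
//   /var/www/private_downloads/   <- the files, outside the document root
declare(strict_types=1);

const DOWNLOAD_DIR = '/var/www/private_downloads'; // assumption: not mapped to any URL

/**
 * Map a user-supplied file name to a real path inside $baseDir.
 * Returns null unless it names a regular file directly under that directory.
 */
function resolveDownload(string $requested, string $baseDir = DOWNLOAD_DIR): ?string
{
    // Reject rather than sanitize: no slashes, no leading dot, no "..".
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9_-]*(\.[A-Za-z0-9]+)?$/', $requested)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    // realpath() follows symlinks, so re-check that the target is still under $base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0 || !is_file($path)) {
        return null;
    }
    return $path;
}

session_start();
// Assumption: the site's login or purchase code sets this flag for entitled users.
if (empty($_SESSION['may_download'])) {
    http_response_code(403);
    exit('Forbidden');
}

$requested = $_GET['file'] ?? '';
$path = is_string($requested) ? resolveDownload($requested) : null;
if ($path === null) {
    http_response_code(404);
    exit('Not found');
}

// The name passed the whitelist above, so it is safe to place in the header.
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```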
rashmisharma
Forum Newbie
Posts: 11
Joined: Wed Feb 18, 2009 4:27 am

Re: URL Security

Post by rashmisharma »

I haven't put anything outside the root; instead I have URL rewriting, so that if my files are in the path http://www.mydomain.com/download/filename.pdf then it is shown as http://www.mydomain.com/abc/xyz/downloa ... lename.pdf
so no one is actually able to know the exact path of my files.
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: URL Security

Post by kaisellgren »

rashmisharma wrote: I haven't put anything outside the root; instead I have URL rewriting, so that if my files are in the path http://www.mydomain.com/download/filename.pdf then it is shown as http://www.mydomain.com/abc/xyz/downloa ... lename.pdf
so no one is actually able to know the exact path of my files.

It is possible to know it. Ultimately you cannot hide anything, although very long filenames and unique-looking folder names will usually do fine.