Hi all,
I have a website that uses php sessions and verisign for the security side of things, the site its self is a large database of PDFs....however we found that even though the pages were secure you can access the PDFs if you know the folder location?
eg: https://www.mikenye.co.uk/products/pdf_folder/main.pdf (example url not real)
Is there a way of adding session security to the holding folder?? Im stuck and arnt too sure how to do this. I know that this flaw renders the website useless.
Thanks for any help
Mike
Folder protection???
Moderator: General Moderators
- jaoudestudios
- DevNet Resident
- Posts: 1483
- Joined: Wed Jun 18, 2008 8:32 am
- Location: Surrey
Re: Folder protection???
you can use a .htaccess file.
This will give you a few options.
This will give you a few options.
Re: Folder protection???
Look up mod_rewrite on Google if you're using Apache as your web server. It will allow you to rewrite the URL to lets say... a PHP file to do more authenticating. Baically you could make point to a PHP file that checks users authentication. If the user authenticates send the file to the user, else display an error or do whatever.
Code: Select all
http://www.mydomain.com/files/blah.pdf- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: Folder protection???
Put the files outside the document root. Serve them through a PHP script.