Folder protection???
Posted: Mon Mar 16, 2009 4:55 am
Hi all,
I have a website that uses php sessions and verisign for the security side of things, the site its self is a large database of PDFs....however we found that even though the pages were secure you can access the PDFs if you know the folder location?
eg: https://www.mikenye.co.uk/products/pdf_folder/main.pdf (example url not real)
Is there a way of adding session security to the holding folder?? Im stuck and arnt too sure how to do this. I know that this flaw renders the website useless.
Thanks for any help
Mike
I have a website that uses php sessions and verisign for the security side of things, the site its self is a large database of PDFs....however we found that even though the pages were secure you can access the PDFs if you know the folder location?
eg: https://www.mikenye.co.uk/products/pdf_folder/main.pdf (example url not real)
Is there a way of adding session security to the holding folder?? Im stuck and arnt too sure how to do this. I know that this flaw renders the website useless.
Thanks for any help
Mike