Url Security

Discussion in 'PHP' started by rashmisharma, Feb 18, 2009.

0
  1. #1
    Hello!
    I have a serious security issue. Suppose my site URL is http://www.abc.com
    Now I have a secure admin panel folder xyz in it and ant this folder contains a subfolder where I storing the uploaded .pdf files and only after providing a valid username & password one can download these pdfs.
    But if user types the direct URL in browser http://www.abc.com/xyz/pdfFolder/filename.pdf
    Then he easily access that pdf without any authentication.

    Please help me. I had searched a lot on it but don’t find any solution.
    Everywhere I found .htaccess file as a solution but if I do that then I wont b able to download that file even after authentication, it says a corrupted pdf file.

    Its Really very urgent!
    Thanks for any help
     
    rashmisharma, Feb 18, 2009 IP
  2. Techmonkey

    Techmonkey Active Member

    Messages:
    107
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    53
    #2
    Can you not CHMOD the page so there is no public read access to it?
     
    Techmonkey, Feb 18, 2009 IP
  3. rashmisharma

    rashmisharma Peon

    Messages:
    2
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #3
    if i CHMOD it than it wont be accessible at all but i want to display that pdf to registered users.
     
    rashmisharma, Feb 18, 2009 IP