On Fri, Feb 19, 2010 at 1:19 PM, Michael Stroh <st...@astroh.org> wrote: > I have a site I'm working on with some data that I want to be readable by > anyone, but some files that I want to keep hidden from outside users. Here is > an example of my file structure. > > /products/data1/item_1/data.txt > /products/data2/item_2/data.txt > > I would like everything in data1 to be available by anyone who visits the > site, but I want to keep items in the data2 folder to only be accessible > through certain web page which I hope to eventually require logins. Some of > these items I'd like to not only display but also allow people to download. > > My main concern is that I don't want people to be able to guess the names of > the files and then be able to access the information on them. Every 'item' > has an entry in a MySQL database which holds some information. I was thinking > I could have randomly generated folder names to take the place of the things > like 'item_2' such as > > /products/data2/kl23j42i/data.txt > > and then link the folder name through a database entry. But I'm not sure if > there are more elegant or easier ways to deal with this. Plus someone could > still just try randomly querying the site until they get a match. I'd first > like to just create a web page where you can go to access the hidden files > but would later like to add more control for other users using logins and > passwords. > > Most of my files are just text files and images. Any suggestions? > > Thanks in advance! > > Michael > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
Place all those files above the web root, the use php to read in the data from the files when display that data to the user. -- Bastien Cat, the other other white meat -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
