[nycphp-talk] protecting download directory in PHP app on Unix box?

Kristina Anderson ka at kacomputerconsulting.com
Wed May 28 11:45:53 EDT 2008


Hmm... I like this... if I copy the file to the web server I can name 
the directory after their transaction ID....make unique directory for 
each customer...then delete them after a day or so...we have lots of 
room..is this doable on a shared host?  ...outside "public_html" is 
outside the root, or no?



--Kristina


> Hello Kristina,
> 
> First off, don't have the PDFs "serveable" from Apache.
> Have them OUT of the web root.
> 
> Second, after they pay, and get the IPN feedback to validate the sale,
> you could copy the pdf from your safe directory (outside of apache)
> to the webroot and rename it something unique.
> 
> You could go so far as creating a maze of unique directories:
> 
> ie: /ra123/poo/fluff/uuid123123123123.pdf
> 
> Then remove it after 24 hours or something.
> 
> - Ben
> 
> Kristina Anderson wrote:
> > This might be off topic as well...but I have a PHP app that submits to
> > Paypal and then on the "thank you" page, I provide a link to a PDF that
> > they bought.
> >
> > The server is Unix based, and before submitting the sale, I collect
> > various information about the user, and then when the transaction is
> > complete, I get a unique transaction ID from Paypal.
> >
> > What's the easiest, quickest way to provide some level of complexity to
> > the downloads so that people can't just go back into the directory and
> > download every PDF without paying?  It doesn't have to be 100% secure
> > but should be secure enough to keep out "most" people.
> >
> > I've been looking into .htaccess but wondering if that's overkill and
> > there isn't some way to authenticate against my DB information before
> > allowing the download?
> >
> > -- Kristina 
> > _______________________________________________
> > New York PHP Community Talk Mailing List
> > http://lists.nyphp.org/mailman/listinfo/talk
> >
> > NYPHPCon 2006 Presentations Online
> > http://www.nyphpcon.com
> >
> > Show Your Participation in New York PHP
> > http://www.nyphp.org/show_participation.php
> >
> >   
> 
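
The copy-then-expire approach discussed in this thread, as an added example that is not part of the original messages: the PDF stays outside the web root, is copied into a per-sale directory after the IPN has been validated, and a cron job removes it after 24 hours. The directory paths and the function names `publish_download` and `purge_expired` are hypothetical, and the directory is named with a random token rather than the transaction ID (an assumption of this example, so the path cannot be derived from anything the buyer or a third party sees).

```php
<?php
// Added example; paths and function names are assumptions, not from the thread.
const PRIVATE_DIR = '/home/example/private_pdfs';    // outside public_html (assumed path)
const PUBLIC_DIR  = '/home/example/public_html/dl';  // web-served area; keep listing off here too
const TTL_SECONDS = 86400;                           // "remove it after 24 hours"

// Call only after the PayPal IPN for this sale has been validated.
function publish_download(string $pdfName): string
{
    // basename() strips any directory part, blocking path traversal.
    $src = PRIVATE_DIR . '/' . basename($pdfName);
    if (!is_file($src)) {
        throw new RuntimeException('Unknown product file');
    }
    // 128-bit random directory name, unguessable from outside.
    $token = bin2hex(random_bytes(16));
    $dir = PUBLIC_DIR . '/' . $token;
    if (!mkdir($dir, 0755) || !copy($src, $dir . '/' . basename($src))) {
        throw new RuntimeException('Could not publish download');
    }
    // Empty index file so the directory is not listed if autoindexing is on.
    touch($dir . '/index.html');
    return $token . '/' . rawurlencode(basename($src)); // relative URL for the thank-you page
}

// Run from cron: delete per-sale directories older than TTL_SECONDS.
function purge_expired(?int $now = null): int
{
    $now = $now ?? time();
    $removed = 0;
    foreach (glob(PUBLIC_DIR . '/*', GLOB_ONLYDIR) ?: [] as $dir) {
        // Only touch directories that match the token format created above.
        if (!preg_match('/^[0-9a-f]{32}$/', basename($dir))) continue;
        if ($now - filemtime($dir) < TTL_SECONDS) continue;
        foreach (glob($dir . '/*') ?: [] as $file) {
            unlink($file);
        }
        if (rmdir($dir)) $removed++;
    }
    return $removed;
}
```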



