[nycphp-talk] protecting download directory in PHP app on Unix box?
Ajai Khattri
ajai at bitblit.net
Wed May 28 15:32:09 EDT 2008
On Wed, 28 May 2008, Kristina Anderson wrote:
> This is similar to what I was planning on doing...
>
> http://www.proofmagazine.com/getfile.php?
> tx=funkypaypaltransid&PDFid=1234&file=file.pdf
>
> authenticates against the transaction id / pdf id pair and then serves
> up a file...but where does the file live and how does this page know
> where to find it and etc...that's what I'm not clear on, can anyone
> further explain this file=file.pdf aspect?
That's something YOU would decide/design.
If the PDFs are custom per user then you should probably create a unique
path with their user ID embedded in it. If not, then you can decide how to
organize the tree of PDFs. BUT the user will not see the pathname, only
your download script, so you decide.
--
Aj.
More information about the talk
mailing list