[nycphp-talk] protecting download directory in PHP app on Unix box?
Kristina Anderson
ka at kacomputerconsulting.com
Wed May 28 15:48:20 EDT 2008
Thanks Ajai -- I was wondering how to pass the filepath into the
function and call the download...but as usual my questions have been
answered here on our wonderful list!
Basically I'm having the web host recommend the most secure location
for our directory and then just name the PDFs by ID#...they're not
custom by user but will be for sale to anyone for 99 cents...URL to be
posted ASAP! :)
> On Wed, 28 May 2008, Kristina Anderson wrote:
>
> > This is similar to what I was planning on doing...
> >
> > http://www.proofmagazine.com/getfile.php?
> > tx=funkypaypaltransid&PDFid=1234&file=file.pdf
> >
> > authenticates against the transaction id / pdf id pair and then
serves
> > up a file...but where does the file live and how does this page
know
> > where to find it and etc...that's what I'm not clear on, can anyone
> > further explain this file=file.pdf aspect?
>
> That's something YOU would decide/design.
>
> If the PDFs are custom per user then you should probably create a
unique
> path with their user ID embedded in it. If not, then you can decide
how to
> organize the tree of PDFs. BUT the user will not see the pathname,
only
> your download script, so you decide.
>
>
>
> --
> Aj.
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
>
More information about the talk
mailing list