| Darren 2005-12-04, 8:49 pm |
| Hello. I have a query. supposing i have an authentication that takes a
username and password and creates a key based on this data and a few other
bits retrieved from a database. This key is then put in a session or server
variable, and as long as this key is set then a user can vbrowse round at
his leasure. Now I already have something like this on the drawing board
written in php but there is a problem, supposing someone knows an exact url
of a zip file or other binary, ot a none executable extention then is ther
anyway to stop a none logged in user from downloading that file by putting
the full url in the address bar? I know of the restrictions exist to block
unautheticated users access but i'm looking for something more conditional.
I'll give an example.
John finds that there is a file on my site called test.zip and he wants to
download itso he puts in the url htp://www.myurl.com/test.zip. at this point
he should get an access denied or some other error BUT if he were to log in
with a username, password and another key field retrieved from a private
database then the server itself will allow acces assuming all three
vairables are set correctly? Is there anyway of allowing this without
rewriting Apache?
Thanks
|