Reputation: 10172
direct file download protection
I have a folder for downloads on my server, i want to prevent direct access to that folder so i am makin it pass-protected with htaccess and i will push download with a php script. But i have some questions regarding mkdir and file_exists
Do mkdir and file_exists works good for pass-protected folders ?
and
would i get any error while uploading file to that folder ?
AND
is this a good way of preventing direct access ?
thanks
Upvotes: 0
Views: 897
Answers (2)
Reputation: 9377
As pass-protection only aplies to HTTP connections though your Apache server, every PHP function that can access files will work. And because uploading a file is also only copying a file with PHP from the temp dir to the upload dir, there should be not problem.
Using htaccess is a good method to avoid direct access. But it would be much better to have the uploaded files in a directory which can not be access through any HTTP reuest. So storing it above the httpdocs (or equal) folder will make it totally impossible to access a file through a direct request.
Upvotes: 1
Reputation: 1679
htaccess works fine for simple password protection. As soon as a user has authenticated everything works exactly like for normal folders. It should not affect any php-functions or server side permissions.
Upvotes: 0
Related Questions
- Deny direct file download from webserver by URL
- PHP prevent direct access to file but still use in download script
- Restricting file downloads
- PHP - Protecting digital Downloads
- PHP protecting downloads
- Preventing a file being downloaded or accessed on a server
- File download prevention
- restrict file download php
- Protecting Downloads
- How to not allow users(or hackers) to download a file directly from web server?