Thursday, January 19, 2012

File access problem: PHP htaccess

Once I was asked a question related to File access over the web server.
The question was asked as follows...
"I have built an information maintenance system where files can be uploaded. Anyone can view those files.
But, the problem is when a file is viewed in the browser at that time if someone just copy the URL in some text file after that any body from any where can view that file by just pasting that URL in the browser's address bar.

How to prohibate this thing. PLZZZZZZZZZZZZZZZZZZZ help me...............

its verrrrrrrrrrrrrrrrry serious problem.............."

It was answered by a web expert Mr. Longor (his user id;) )as follows
"There's lots of ways to do this...the one that springs to mind is have a simple referer check at the top of your file-page and if the referer is not coming from your site, then simply redirect the browser to an error page of your choosing.

You can also use .htaccess on linux servers to accomplish this type of thing."


I answered as follows:
"yes neil dear
that was to appen
actually u r asking a questionn of basic security

what u can do is to change the access configurations from .htaccess file

or else use MySql at the back end and save those info in a database (password protected)

This will surely solve the problem!!"


To the answer by previous web expert I replied as follows...
"langsor gave a good solution

Bt basic problem is that the solution posted by him works only if your pages are php. But they may be simple text files also. Because i feel u r using flat files as your database.

so .htaccess solution as adviced by him and me both are correct.

and if in case your pages are php. then well good and fine. go on with the method of longor."


And then the person who asked the question clarified more as follows...
"Sorrrrrrry everyone,

actually i did not clear the problem to you, My files are in ".pdf" format...

Suppose,

http://localhost/information/sample.pdf

can be viewd ....... no login is required to do so..

if I cross the browser and after that in a new browser if I paste this URL then it should not be viewd......."



And then my final answer was
"ya i suppose now u gave correct explanation of ur problem

now only possible things are .htaccess

i need others to speak on this

Anyone to rescue neil of his situation??

easy bit... neil
lets see who solves first"

And guess what..
No one answered after this.
I was personally emailed to tell that the problem was solved by my approach. Gr888!!

The entire thread can be read at http://www.daniweb.com/web-development/php/threads/138376

2 comments:

  1. Nice Disquisition!Thanks for spending time on it.i found it very useful. If you have any question or any doubt so you should immediately visit on Read more

    Website Development Company in Las Vegas

    ReplyDelete
  2. . Portable App Development administrations attempt by expert engineers with stage independency, we take a shot at ground breaking that transforms thoughts into effective items. Follow Me Drone

    ReplyDelete