[TriLUG] a webmastering question
Richard O. Hammer
ROHammer at EarthLink.net
Tue Sep 16 19:08:26 EDT 2003
In my role as webmaster for a local organization
<http://www.canecreekcloggers.org/>, I am trying to figure out how to
serve MS Word files with HTTP to only those users who have
authenticated themselves.
It seems like there ought to be an easy and obvious way but I haven't
found it yet. The site is running on Debian GNU/Linux, with Apache
1.3.27 and PHP/4.3.
I can make a few steps toward the goal:
. I can use sessions with PHP, and thereby allow only authenticated
users beyond a certain point in any PHP script.
. I can put .doc files on the server and open them just fine. On my
Windows computer both Netscape and IE do the right thing, opening the
file in MS Word.
. I can serve a .doc file to an authenticated user with the PHP
virtual() function.
But every way that I have thought of so far has this weakness: an
unauthenticated user could load the .doc file directly, without going
through my PHP script, if that user happened to learn the URL of the
.doc file. My PHP scripts do not seem to have any more permissions to
access files than the permissions which are granted to any browser.
Any suggestions?
Thanks,
Rich Hammer
P.S. have a good hurricane!
More information about the TriLUG
mailing list