[TriLUG] a webmastering question
David R.Matusiak
dave at matusiak.org
Tue Sep 16 19:26:48 EDT 2003
may be too simplistic for your needs, but what about putting the .doc
files in a separate directory and then protecting that directory with a
.htaccess file (simple authentication means built into apache)? anyone
surfing to that directory would have to provide a username/password
combo to get to the docs.
On Tuesday, September 16, 2003, at 07:08 PM, Richard O. Hammer wrote:
> In my role as webmaster for a local organization
> <http://www.canecreekcloggers.org/>, I am trying to figure out how to
> serve MS Word files with HTTP to only those users who have
> authenticated themselves.
>
> It seems like there ought to be an easy and obvious way but I haven't
> found it yet. The site is running on Debian GNU/Linux, with Apache
> 1.3.27 and PHP/4.3.
>
> I can make a few steps toward the goal:
> . I can use sessions with PHP, and thereby allow only authenticated
> users beyond a certain point in any PHP script.
> . I can put .doc files on the server and open them just fine. On my
> Windows computer both Netscape and IE do the right thing, opening the
> file in MS Word.
> . I can serve a .doc file to an authenticated user with the PHP
> virtual() function.
>
> But every way that I have thought of so far has this weakness: an
> unauthenticated user could load the .doc file directly, without going
> through my PHP script, if that user happened to learn the URL of the
> .doc file. My PHP scripts do not seem to have any more permissions to
> access files than the permissions which are granted to any browser.
>
> Any suggestions?
>
> Thanks,
> Rich Hammer
More information about the TriLUG
mailing list