Re: secure file uploads and downloads

Re: secure file uploads and downloads

am 22.12.2007 12:09:09 von dave

Hello,
Thank you for this reply. I'll check this out.
Dave.

"Good Man" wrote in message
news:Xns9A09A64504E76sonicyouth@216.196.97.131...
> "Dave" wrote in
> news:4766b165$0$6970$4c368faf@roadrunner.com:
>
>> Hello,
>> Not sure if this is php related or not, but i'd like to have
>> certain
>> users who have the ability to upload files to my site, and others to
>> download files.
>> I thought about .htaccess and basic authentication, but then i
>> thought
>> that's not very secure i was wondering if there was a php solution,
>> something that splits user uploads and downloads in to two separate
>> sections? I checked out some scripts on phpbuilder.com but they don't
>> seem to work with php5 which is what i'm using.
>> Thanks.
>> Dave.
>>
>>
>>
>
> store your files above the www directory and control access with sessions.
> try google, this question has been asked and answered dozens of times.

Re: secure file uploads and downloads

am 22.12.2007 12:19:16 von Courtney

Dave wrote:
> Hello,
> Thank you for this reply. I'll check this out.
> Dave.
>
> "Good Man" wrote in message
> news:Xns9A09A64504E76sonicyouth@216.196.97.131...
>> "Dave" wrote in
>> news:4766b165$0$6970$4c368faf@roadrunner.com:
>>
>>> Hello,
>>> Not sure if this is php related or not, but i'd like to have
>>> certain
>>> users who have the ability to upload files to my site, and others to
>>> download files.
>>> I thought about .htaccess and basic authentication, but then i
>>> thought
>>> that's not very secure i was wondering if there was a php solution,
>>> something that splits user uploads and downloads in to two separate
>>> sections? I checked out some scripts on phpbuilder.com but they don't
>>> seem to work with php5 which is what i'm using.
>>> Thanks.
>>> Dave.
>>>
>>>
>>>
>> store your files above the www directory and control access with sessions.
>> try google, this question has been asked and answered dozens of times.
>
>
I store mine in a database directly. No direct access except through
programs written specifically to access them. Not even from someone with
root access unless they run MySQL..

Use whatever access control you like.

I have a .htaccess system that logs a username and then that is applied
to a SQL database of usernames to see what permissions they have with
respect to that.

In practice users can upload and download their own stuff, they cant see
anyone elses, but the admin users can access everyones stuff.