Re: Protecting Content

You simply put foo.txt outside your server's document path and modify the Perl code to read it there instead of wherever you have it now. A Perl CGI can read any file on the system it has permission to read.

----
: () { :|:& };:

Note: All code is untested, unless otherwise stated

Comment on Re: Protecting Content Select or Download Code

Replies are listed 'Best First'.
Re: Protecting Content by b10m (Vicar) on Feb 18, 2004 at 17:06 UTC
That would still allow people to view the contents through the "direct URL" (using the script) eg, http://www.mysite.com/?file=foo.txt, but maybe I don't understand the question right. -- b10m All code is usually tested, but rarely trusted.	[reply]
Re: Re: Protecting Content by waswas-fng (Curate) on Feb 18, 2004 at 19:53 UTC
I think the key line is: How can I allow access to content via a script, but dissallow it via a direct URL? So accessing via the cgi is what he wants, just not accessing the file directly. The simple solution is to put the file(s) in a directory that is accessible by the apache user (or cgi user) but not under the document root. The CGI would then be responsible for verifying the session/auth and presenting the file if it needs to, or the error page if the file access is not allowed. -Waswas	[reply]
Re: Re: Protecting Content by hardburn (Abbot) on Feb 18, 2004 at 17:11 UTC
My understanding is that the poster wants to allow a CGI to print out the file (presumably because the CGI handles password protections itself), but wants to make sure that the file isn't available without going through the CGI. ---- `: () { :\|:& };:` Note: All code is untested, unless otherwise stated	[reply] [d/l]