Re: Protecting Content

That would still allow people to view the contents through the "direct URL" (using the script) eg, http://www.mysite.com/?file=foo.txt, but maybe I don't understand the question right.

--
b10m

All code is usually tested, but rarely trusted.

Comment on Re: Protecting Content

Replies are listed 'Best First'.
Re: Re: Protecting Content by waswas-fng (Curate) on Feb 18, 2004 at 19:53 UTC
I think the key line is: How can I allow access to content via a script, but dissallow it via a direct URL? So accessing via the cgi is what he wants, just not accessing the file directly. The simple solution is to put the file(s) in a directory that is accessible by the apache user (or cgi user) but not under the document root. The CGI would then be responsible for verifying the session/auth and presenting the file if it needs to, or the error page if the file access is not allowed. -Waswas	[reply]
Re: Re: Protecting Content by hardburn (Abbot) on Feb 18, 2004 at 17:11 UTC
My understanding is that the poster wants to allow a CGI to print out the file (presumably because the CGI handles password protections itself), but wants to make sure that the file isn't available without going through the CGI. ---- `: () { :\|:& };:` Note: All code is untested, unless otherwise stated	[reply] [d/l]