[nycphp-talk] protecting download directory in PHP app on Unix box?
Allen Shaw
ashaw at polymerdb.org
Wed May 28 11:38:41 EDT 2008
Kristina Anderson wrote:
> This might be off topic as well...but I have a PHP app that submits to
> Paypal and then on the "thank you" page, I provide a link to a PDF that
> they bought.
>
Hi Kristina,
I would say don't provide a link directly to the file (e.g.,
http://example.com/protected/file.pdf). Instead, provide them a unique
key embedded in a link to a script, which script would then download the
file for them (e.g.,
http://example.com/getfile.php?key=secretstuff&file=file.pdf). This way
the script controls who gets what. (And if you really want to clamp
down, it would even allow you to make keys valid for only one use, etc.)
- Allen
--
Allen Shaw
slidePresenter (http://slides.sourceforge.net)
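
One way to implement the keyed download script described in the message above (an added example, not code from the original post): the key is bound to one file, expires, and is consumed on first use. The table layout, the `DOWNLOAD_DIR` path and the function names are assumptions, and the in-memory SQLite store stands in for the application's own database.

```php
<?php
declare(strict_types=1);
// Added example. Table, column, path and function names are assumptions.
const DOWNLOAD_DIR = '/var/app/downloads'; // assumed canonical path outside the web root

function openStore(string $dsn = 'sqlite::memory:'): PDO {
    $db = new PDO($dsn, null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $db->exec('CREATE TABLE IF NOT EXISTS download_keys (
        key_hash TEXT PRIMARY KEY, file TEXT NOT NULL,
        expires_at INTEGER NOT NULL, used INTEGER NOT NULL DEFAULT 0)');
    return $db;
}

// Called on the "thank you" page once payment is confirmed; returns the key for the link.
function issueKey(PDO $db, string $file, int $ttl = 86400): string {
    $key = bin2hex(random_bytes(32)); // unguessable; only its hash is stored
    $db->prepare('INSERT INTO download_keys (key_hash, file, expires_at) VALUES (?, ?, ?)')
       ->execute([hash('sha256', $key), basename($file), time() + $ttl]);
    return $key;
}

// Returns the file name the key was issued for, or null if the key is unknown,
// expired, already used, or was issued for a different file.
function redeemKey(PDO $db, string $key, string $requestedFile): ?string {
    $file = basename($requestedFile); // drop any directory components
    // A single UPDATE checks and consumes the key atomically (one use only).
    $st = $db->prepare('UPDATE download_keys SET used = 1
        WHERE key_hash = ? AND file = ? AND used = 0 AND expires_at > ?');
    $st->execute([hash('sha256', $key), $file, time()]);
    return $st->rowCount() === 1 ? $file : null;
}

// Body of getfile.php?key=...&file=...; pass $_GET as $query.
function handleRequest(PDO $db, array $query): void {
    $key  = is_string($query['key'] ?? null) ? $query['key'] : '';
    $name = is_string($query['file'] ?? null) ? $query['file'] : '';
    $file = redeemKey($db, $key, $name);
    $path = $file === null ? false : realpath(DOWNLOAD_DIR . '/' . $file);
    if ($path === false || strpos($path, DOWNLOAD_DIR . '/') !== 0) {
        http_response_code(403);
        exit('Invalid or expired download link.');
    }
    header('Content-Type: application/pdf');
    header('Content-Disposition: attachment; filename="' . $file . '"');
    readfile($path);
}

if (PHP_SAPI === 'cli') { // constructed demo: redeem the same key twice
    $db = openStore();
    $key = issueKey($db, 'file.pdf');
    var_dump(redeemKey($db, $key, 'file.pdf'), redeemKey($db, $key, 'file.pdf'));
}
```

Because the file name is checked against the one stored with the key, changing the `file` parameter in the link does not give access to other documents.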