[nycphp-talk] protecting download directory in PHP app on Unix box?
Kristina Anderson
ka at kacomputerconsulting.com
Wed May 28 11:49:29 EDT 2008
Hmm...seems quick and easy.
I'm not sure how to do that in PHP though, any links to sample code?
I could use the transaction ID for that, which is what I really want to
use somehow, as they are guaranteed unique.
> Kristina Anderson wrote:
> > This might be off topic as well...but I have a PHP app that submits
to
> > Paypal and then on the "thank you" page, I provide a link to a PDF
that
> > they bought.
> >
> Hi Kristina,
>
> I would say don't provide a link directly to the file (e.g.,
> http://example.com/protected/file.pdf). Instead, provide them a
unique
> key embedded in a link to a script, which script would then download
the
> file for them (e.g.,
> http://example.com/getfile.php?key=secretstuff&file=file.pdf). This
way
> the script controls who gets what. (And if you really want to clamp
> down, it would even allow you to make keys valid for only one use,
etc.)
>
> - Allen
>
> --
> Allen Shaw
> slidePresenter (http://slides.sourceforge.net)
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
>
More information about the talk
mailing list