Securing a hosted exe file using php authentication for html pages

DannyBoy

Diamond Member
Nov 27, 2002
8,820
2
81
www.danj.me
What options are there to secure exe files or jpg files etc from being accessible without first authenticating user / pass through a php / database driven user login page?

TIA
 

Mitzi

Diamond Member
Aug 22, 2001
3,775
1
76
Put something similar to the following in your Apache conf:

<Directory "/var/www/localhost/htdocs/mozzano/temp">
Options +Indexes
AuthUserFile /var/www/localhost/htdocs/mozzano/temp/.htpasswd
AuthName "Mitzi's temp file section!"
AuthType Basic
require valid-user
</Directory>

You can then use Apache htpasswd2 to create username/passwords for the directory. If you need more detailed info let me know.
 

DannyBoy

Diamond Member
Nov 27, 2002
8,820
2
81
www.danj.me
Originally posted by: Mitzi
Put something similar to the following in your Apache conf:

<Directory "/var/www/localhost/htdocs/mozzano/temp">
Options +Indexes
AuthUserFile /var/www/localhost/htdocs/mozzano/temp/.htpasswd
AuthName "Mitzi's temp file section!"
AuthType Basic
require valid-user
</Directory>

You can then use Apache htpasswd2 to create username/passwords for the directory. If you need more detailed info let me know.

I know how to password protect a directory mitz ;)

Im trying to protect files using the php "member area" type script im working on.

Basically if a user logs in through login.php, they can access the file, but if they dont login they get pointed to a page saying they need to login...
 

DaveSimmons

Elite Member
Aug 12, 2001
40,730
670
126
I'm a total n00b at PHP, but for perl script you'd do something like

(image link)
<img src="imageserver.pl?image-id=xxxx">

where imageserve.pl does any validation then returns either the image (copying it out of a private folder) or an error.

Note that if authentication is passed along via GET (in the URL) instead of POST or cookies, Google can end up capturing the link with authentication from referrer: headers when the person moves from your page to another page where google has tracking. Or so I've been told, there's apparently a FAQ item at google about "why do my secret pages show up in google search results?"