Loading security issue in php

Question

Loading security issue in php

Hi, I have to upload a video. But I want to give permission only to authenticate the user to download. But I have a problem with that. Because if any type of body displays the video details in the browser. (ex http: // sitename / folder_name / videoname ), then the browser will download this video. But I do not want this .please suggest me how I can solve this problem. Or should I generate the video name randomly or create a temporary folder in which the video lives only for a certain time after this video is deleted. If you have any other ideas, please let me know. Thanks in advance.

+3

security php

Badshah May 31 '10 at 7:35

source share

2 answers

Kim l · Answer 1 · 2010-05-31T07:42:36+0000

Upload the file to a folder outside the root website, so it cannot be accessed directly. Then create a script that will provide the file for the browser if the user has permissions for the requested file. And as a warning before creating a file submission page, review directory traversal attacks and make sure your script is not vulnerable to them.

Stacey Richards · Answer 2 · 2010-05-31T13:10:18+0000

I think Kim L's idea is the best, but if you just want to check the username and password in the directory, try this (if Apache2 hosts your site):

Create a .htaccess file in the directory and fill it with something like:

RedirectMatch 404 /passwd$
AuthType Basic
AuthName "Password required"
AuthUserFile /var/www/sitename/folder_name/passwd
Require valid-user

Now add the password file:

htpasswd -c -m /var/www/sitename/folder_name/passwd username

and enter the password when prompted. See Man htpasswd for more details.

Apache2 .htaccess, , , , passwd ; , .

Loading security issue in php

More articles: