hi i have to upload a video.but i want to gives permission only authenticate user to download .but i have a problem in that.because if any body type the video detail in browser.(ex http://sitename/folder_name/videoname) then browser download that video.but i don't want this .please suggest me how can i resolve this problem.either i should generate the video name randomly or make a temporary folder in which video reside only for specific time,after this video will be delete. Or if any other ideas you have please let me know Thanks in advance
+3
A:
Upload the file to a folder outside the web root, this way it cannot be accessed directly. Then create a script which will provide the file for the browser, if the user has permissions to the requested file. And as a word of caution, before making file providing page, please look up directory traversal attacks and make sure your script won't be vulnerable to them.
Kim L
2010-05-31 07:42:36
hi thanks for answering me but you just tell me is there any script which will check authentication when i am typing the url like http:[email protected]/video_folder/videoname.flv then first script run then downloading start if the user is authenticate
Badshah
2010-05-31 07:48:35
A:
I think Kim L's idea is the best, but if you just want basic username/password checking on a directory, try this (if Apache2 is hosting your site):
Create an .htaccess file in the directory and fill it with something like:
RedirectMatch 404 /passwd$
AuthType Basic
AuthName "Password required"
AuthUserFile /var/www/sitename/folder_name/passwd
Require valid-user
Now add a password file with:
htpasswd -c -m /var/www/sitename/folder_name/passwd username
and enter a password when prompted. See man htpasswd for details.
You will need to configure Apache2 to use .htaccess files before this will work, and it's probably best you don't leave the passwd file in the same directory; it would be better stored outside the document root, but shown here just for an example.
Stacey Richards
2010-05-31 13:10:18