Re: Securing file access

["Jason Merriman" <jasonmerriman11 () aol com>]

You could have the script create a temporary link to the file with a 
random filename, IE:

ln -s <source file> 123456789randomcharacters.ext

Then, redirect the user to the temporary link (which, if you use enough 
random characters, nobody should be able to guess), and have a scavenger 
program run every few minutes or so to delete any links that are older 
than a few minutes.

J.

Saphyr wrote on 9/28/2004, 2:15 AM:

> > guess a file name to download).  In order to access the files, the
> database
> > would link a file to a unique id, so a page that validates the user
> would
> > then give access to the file stored outside of the www on the
> server.  Now,
> > this is where the real question lies.  How is this possible since
> the files
> > are not in a www accessible path, since a mere link to a file won't
> due.
> > Any thoughts would be welcome.
>
> Hi there.
>
> According to your files sizes, could you consider using binary fields
> in your
> database ?
>
> .antoine
>
>
>
>
> ------------oOoo---Ôô----ooOo---------------------------
> Antonio FONTES    (well, me, actually)
> http://www.nxtg.net/saphyr/  (tout et rien en français)
> http://www.nxtg.net/is/ (blog - développeur web)
> E-mail: prenom.nom () mondomaine net
> -------------------------------------------------------------

-- 
----------------------------------------------------
Jason Merriman
Systems Administrator, America Online
aim: jasonmerriman11
----------------------------------------------------