• 0

.htaccess files, preventing files being accessed if names known


Question

Hey,

Basically for a clint i made a website, it has thosands of staff members who can log in and one of the features includes uploading their own cvs, staff members have 1 cv each, and when uploaded and named as the staff id in a folder for cvs, Even thought staff members must login to upload/view their cvs, it seems if you know the url where they are held you can access any of them easily by changing the file name as the file names are staff ids,

Is there a way to make it so you cant type in a url to access the files, you must click a link in the page to access the file?

Thanks, Tim

P.s. Im using html, php, mysql

Link to comment
Share on other sites

5 answers to this question

Recommended Posts

  • 0

Not a full proof way of stopping it, but you could use simple htaccess hotlinking protection, like many sites use for image files. But should work for any file type - only allow access when referrer site is your own, etc.

This seems to be what your after.. Since they would have to log into the site to be able to use your site as the referring site.. should prevent the casual access.. But since referrer could be forged, its not fullproof. Just google htaccess hotlinking to see how to do it.

edit: another way would be with cookies, verify they are logged in before access, etc.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.