I have a content management site where multiple users can manage their files.
Each user has it's own personal folder, for example
/userdata /user1 /user2 /user3
The website is made with php, mysql and secured with user authentication via mysql and a php session. Sow the data in mysql is secured but now I want to secure the files in the personal folders sow that user1 cant delete files in the "/userdata/user2" dir and user1 can't upload or even look at files in the "/userdata/user1" folder without using my php website.
Is it possible to let the folder "/userdata" (and all subfolders) only allow traffic from the php website (that has user authentication) and don't allow browsing from outside this website.
my server: Apache/2.0.54 (Ubuntu) PHP/5.0.5-2ubuntu1.2