Jump to content


Photo

help on creating a secure download system


  • Please log in to reply
2 replies to this topic

#1 darkcarnival

darkcarnival
  • Members
  • PipPipPip
  • Advanced Member
  • 162 posts

Posted 27 May 2006 - 02:43 PM

hello,

I'm helping a fellow script site with their downloads by providing a alt link(since he gets so many hits and all) and I want to be able to add some security to the download system i have for this.

basically i have done some reading and ive seen many do some with http_referer to prevent a bandwidth attack, but I do not know how to do such a thing.

first off is this possible with php itself or do i need to alter something in apache to work along with this?

any help at all is fine :)

thanks.

#2 poirot

poirot
  • Members
  • PipPipPip
  • Advanced Member
  • 646 posts
  • LocationAustin, TX

Posted 27 May 2006 - 03:26 PM

Basically there is no short answer for this.

I would not rely on HTTP_REFERER since some firewalls or browsers will not send it, and also some browsers can fake this header.

You could (should) create a download php script which will send the file to the user without revealing it's real location. Then, you can add some security to this php script (i.e.: login / password).
~ D Kuang

#3 darkcarnival

darkcarnival
  • Members
  • PipPipPip
  • Advanced Member
  • 162 posts

Posted 28 May 2006 - 12:22 AM

i dont want to add a password to it since im doing that now and i get alot of people bitching about it ;)

when not showing the real location mean like doing:

download.php?id=2

i might go ahead and do that.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users