protecting php files ?

[fran1942]

sorry, a newbie question.

I have a file upoad php file on my server.

I dont want any random client to be able to access it.

Do I protect it by adding session code to it ?

 

Thanks for any advice.

[premiso]

You can put it outside the www directory then use a file reading script to dish it out, they would have to have the right hash or something of that store. You would need to store the file path/hash in a DB with the associated username if you want.

[FaT3oYCG]

if you dont mind having one password then simply add a password to the script and a password protecy feild to the form and check it, but if you want people to register to your site and have their own passwords then you need user registration

[fran1942]

thanks, but what about using a session ie. I have a login page, that establishes the page, and creates a session. The phpUpload.php will only be served if the session is valid.

 

Is that good enough ?

 

Thanks

[xtopolis]

Is that good enough ?

That's up to you.

 

A session is just a way of tracking data between the server and client for a limited amount of time.  If you build a simple login session then your site will be as secure as you decide.

 

ideas: HTTP Authorization header, php/DBO user login, captcha system, limit to ip, javascript authorization(weak), etc.etc