Hi,

I have some Flash files and also some PHP files in a folder called "classes", which I included/embedded in my other PHP files.

What I want is that nobody can go directly to "www.mysite.com/classes", to protect those files from being downloaded.

Also, I want to disable file listing when somebody points to any directory.

How can I do those?

https://forums.phpfreaks.com/topic/267035-i-want-to-protect-my-files/

In order to run the Flash files, the user must download them.

If you want to restrict access to them, put them outside of the webroot and read/output them using a PHP script that verifies credentials.

To restrict directory listing, you'll have to let us know what webserver you're using, or simply include an index.html file in every directory.

If you're using Flash, unfortunately anyone can download the stream very easily, as long as they can view it.

To prevent directory indexing in Apache, add this to a .htaccess file: Options -Indexes.

This directive will work for any subdirectories as well, from just the one file.

Thanks, both of you ... My server is Apache running on Linux ....

I'll definitely use that -Indexes command.

For protecting files from download, is there any way except putting them outside the webroot? Can't I use htaccess to restrict direct access to those folders? I Googled and found lots of examples, but I couldn't properly tweak those to make it perfect for me, as I have no experience in htaccess.

The code I tried was meant to redirect to the webroot (www.mysite.com) whenever someone tries to directly access that directory (www.mysite.com/classes). But I was stuck in 2 kinds of scenarios:

1. That directory was protected, but the server's PHP files also failed to access it. Hence all those "includes" inside the PHP files were not working

2. There was an infinite loop while redirecting

Flash has to be viewable by the client/browser, and so you can't put it in a non-publicly facing directory. Since the browser can see the file, it is very easy to download with one of the many Firefox plugins, or by just finding the resource header.

However, I believe you can hide downloads from clients using HTML5 WebSockets, but I'm not positive. I do know that GrooveShark.com switched to an HTML5 player a while ago, and you can no longer download songs with the methods I was talking about above - but you used to be able to, when they had a Flash player.

On the other hand, if you don't plan on streaming the Flash files, then you can hide them from the public, and just use a forced download header to download them when requested.

Just to clear up a misconception you seem to have: PHP doesn't include the file. It generates a HTML page, which has a link that tells the browser where to find the flash file. The browser has to download the flash, in order to be able to play it. Just like it has to download the page, in order to show it.

Compare it to a book: If you want me to be able to read the book, you have to give me a copy of it. You cannot lock it down in a safe, and still expect me to be able to read it.

So isn't there any way to protect a folder from direct access (but enable PHP inclusion)?

Yes. For PHP files, you can either restrict access with a .htaccess file, or put the files outside of the docroot. BUT, neither of those will work for Flash files, because the browser has to be able to access them. You can't (to my knowledge) fetch a Flash file with PHP in a way that makes it not possible to download.

Hi,

Another question. If I want to block direct access to my "includes" folder where I have base PHP files (only PHP files) which are included throughout the site, is it enough to just disable directory listing using the following commands in htaccess? Or should I take some more precautions to protect my code?

.htaccess

Options -Indexes
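
The difference between hiding the listing and blocking direct access, as an added example that is not part of the original thread: an .htaccess placed inside a PHP-only include folder. The file name db.php in the comments is hypothetical, and the folder location is an assumption.

```apache
# includes/.htaccess  (assumed location: inside the PHP-only include folder)

# Weak on its own: this only hides the auto-generated file listing.
# A request for a known file name, e.g. /includes/db.php (hypothetical),
# is still answered, and the script is executed out of context.
Options -Indexes

# Stronger: refuse every HTTP request for anything in this folder (403).
# PHP's include/require read the file from disk, not over HTTP, so the
# site's own scripts that include these files keep working.
# No redirect is involved, so there is nothing that can loop.

# Apache 2.4 and later
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>

# Apache 2.2 and earlier
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
```

These directives only take effect if the server's AllowOverride setting permits them for this directory. This fits a folder of PHP includes only; Flash files must stay somewhere the browser can fetch them.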
