CHMOD file permissions question.

[corillo181]

i have a few question about file permissions.

which is the best way to set a permission to a mp3 tha ti can play on the website, but if anyone try to get it from the directory they wont be able to?

 

like if i am playing thissong.mp3 and someone went to the directory to try and get the file music/songs/thissong.mp3 they would get some kind of error.

 

also for folders that don't have a index file. which permission would be the bes tinstead of creating a number of index for each, but not give a use permusic to see the context if the go to

mydirectory/functions/

[kratsg]

I guess you could try an .htaccess file in there, just deny all users (although I'm not sure what type of user a php script is considered)

[corillo181]

isn't .htacces control by your  service provider?

[corbin]

So you mean like a song will play from http://somesite.com/somepage.php and where it won't play from http://somesite.com/songs/song.mp3?

[corillo181]

yes i try setting the permission of the songs to 666 but it doe snot play in the main page.

 

i tried 770 and it works, but i dont know which one will work for folder.

[trq]

File permissions will not stop anyone from being able to download them directly. Most files on yuour web site need only be 644.

 

Your second question is unreadable.

[corillo181]

File permissions will not stop anyone from being able to download them directly. Most files on yuour web site need only be 644.

 

Your second question is unreadable.

 

so what you are saying all those music website that sell music  have no security at all?

you can still go in to their directory and take their music?

[trq]

so what you are saying all those music website that sell music  have no security at all?

you can still go in to their directory and take their music?

 

Not at all, its done with a rule in there .htaccess file, or they keep there mp3's outside of the web root.

[corbin]

You should either look into .htaccess conditioning the referer directive, or you should look into a PHP script that would take an arguement and either validate the user and output the mp3 content or error out if the arg was invalid.

[corillo181]

and the htaccess is only control by your services provider? is there anyway i can make a htaccess that would listen to the commands on the web root?

[corbin]

corillo, I'm not quite sure what you're asking, but this might help:

 

When you make a request to Apache, it will look for a .htaccess file in the folder of the request, in the folder above that folder and so on until it hits the web root.  If it finds a file it loads the commands in that .htaccess file and evaluates them.  Your service provider could choose to restrict htaccess files, but they don't 'control them' in the sense that you mean, I think.  As for that last question, I don't know what you're asking x.x.

[kratsg]

I would suggest putting the mp3 file outside the public_html folder (if you can still access it and play it through a script)

[corillo181]

corbin that was my question; if my provider would let me use htaccess.

i guess ill give it a try, i just wanted to be sure. because i don't want to learn something i wont be able to use.

 

and kart i control the mp3 threw flash, but now they got software that would get the content inside your flash and find out everything you have in it.

[corbin]

http://www.javascriptkit.com/howto/htaccess10.shtml

 

That's an example that blocks requests to images based on referer....

 

You could try testing that before making your own/modifying a script.

 

Basically you just need to make sure your host allows the mod_rewrite module in .htaccess files.