[nycphp-talk] protecting download directory in PHP app on Unix box?
Ajai Khattri
ajai at bitblit.net
Wed May 28 12:17:23 EDT 2008
On Wed, 28 May 2008, Kristina Anderson wrote:
> Hmm... I like this... if I copy the file to the web server I can name
> the directory after their transaction ID....make unique directory for
> each customer...then delete them after a day or so...we have lots of
> room..is this doable on a shared host? ...outside "public_html" is
> outside the root, or no?
As someone else pointed out, you probably should NOT have Apache serve the
PDF directly. Much better to generate a token that gets emailed to them
when they check out. During the checkout, you would need to make a record
of the transaction and token. You will need to write a download script
that takes the token, does some checks in your database and then returns
the PDF directly with the correct MIME type.
--
Aj.
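
The token-checked download script described in the reply above, sketched in PHP as an added example that is not part of the original post. The `downloads` table and its columns, the paths, the DSN, the one-day expiry, the three-use limit and the fixed `order.pdf` download name are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Assumed table, written at checkout (hypothetical names):
//   downloads(token_hash TEXT PRIMARY KEY, file_name TEXT, expires_at INTEGER, uses_left INTEGER)
const PDF_DIR = '/home/example/private_pdfs';           // assumed directory outside public_html
const DB_DSN  = 'sqlite:/home/example/private/shop.db'; // assumed DSN

// Checkout: store only a hash of the token; the raw token goes in the emailed link.
function issue_token(PDO $db, string $fileName, int $ttl = 86400, int $uses = 3): string
{
    $token = bin2hex(random_bytes(32));
    $db->prepare('INSERT INTO downloads (token_hash, file_name, expires_at, uses_left) VALUES (?, ?, ?, ?)')
       ->execute([hash('sha256', $token), $fileName, time() + $ttl, $uses]);
    return $token;
}

// Download: return the file path for a valid token (consuming one use), else null.
function resolve_token(PDO $db, string $token): ?string
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null; // reject malformed input before touching the database
    }
    $hash = hash('sha256', $token);
    // Single UPDATE so the expiry and remaining-use checks cannot race between requests.
    $upd = $db->prepare('UPDATE downloads SET uses_left = uses_left - 1
                         WHERE token_hash = ? AND expires_at > ? AND uses_left > 0');
    $upd->execute([$hash, time()]);
    if ($upd->rowCount() !== 1) {
        return null;
    }
    $sel = $db->prepare('SELECT file_name FROM downloads WHERE token_hash = ?');
    $sel->execute([$hash]);
    // basename() keeps a bad file_name value from escaping PDF_DIR.
    $path = PDF_DIR . '/' . basename((string) $sel->fetchColumn());
    return is_file($path) ? $path : null;
}

if (PHP_SAPI !== 'cli') { // web request: /download.php?token=...
    $db = new PDO(DB_DSN, null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $token = $_GET['token'] ?? '';
    $path = is_string($token) ? resolve_token($db, $token) : null;
    if ($path === null) {
        http_response_code(404);
        exit('This download link is invalid or has expired.');
    }
    header('Content-Type: application/pdf');
    header('Content-Disposition: attachment; filename="order.pdf"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}
```

Unknown, expired and used-up tokens all get the same 404, so the response does not reveal which tokens were ever issued.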