php - How to restrict certain files on apache to authenticated users?
In a site that uses normal, cookie-based authentication with the password stored in a cookie, is there a way to serve files to users who are logged in?

Short answer: no.

Long answer: you can write an authenticated application that the user has to log in to, and the application manages the compilation of headers and whatnot for the user to access a given file. For instance, if users need to download a PDF or something, you can send the PDF headers and send the binary data; they won't be able to see the file on the server you're serving up. The downside is that it's slower than pushing them a file from the filesystem or a CDN.

Also, don't store the password in a cookie. Create a hash or something you can access and validate again; a password in a cookie is a bad idea; guys, plaintext!
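
The approach described in the answer above, as an added example that is not part of the original post: a PHP gatekeeper script that validates an HMAC-signed cookie token instead of a stored password, then sends the PDF headers and the file's bytes from a directory Apache does not serve directly. The directory path, cookie name, token format, `AUTH_HMAC_KEY` environment variable and function names are assumptions made for this sketch, and user ids are assumed not to contain a dot.

```php
<?php
declare(strict_types=1);
// Added example (download.php). All names and paths below are assumptions.
const PROTECTED_DIR = '/var/www/protected';  // assumed: outside the Apache DocumentRoot
const COOKIE_NAME   = 'auth';                // assumed cookie name

// Token format (constructed for this example): "<userId>.<expiryUnix>.<hex HMAC-SHA256>"
function issue_token(string $userId, int $ttl, string $key): string {
    $payload = $userId . '.' . (time() + $ttl);
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Returns the user id for a valid, unexpired token, or null.
function verify_token(string $token, string $key): ?string {
    $parts = explode('.', $token);
    if (count($parts) !== 3) return null;
    [$userId, $expiry, $mac] = $parts;
    $expected = hash_hmac('sha256', $userId . '.' . $expiry, $key);
    if (!hash_equals($expected, $mac)) return null;            // constant-time compare
    if (!ctype_digit($expiry) || (int)$expiry < time()) return null;
    return $userId;
}

// Maps a requested name to a real PDF inside PROTECTED_DIR, or null.
function resolve_file(string $name): ?string {
    if (!preg_match('/^[A-Za-z0-9_-]+\.pdf$/', $name)) return null;  // no slashes, no ".."
    $base = realpath(PROTECTED_DIR);
    $path = realpath(PROTECTED_DIR . '/' . $name);
    if ($base === false || $path === false) return null;
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) return null; // symlink escape
    return is_file($path) ? $path : null;
}

if (PHP_SAPI !== 'cli') {
    $key  = getenv('AUTH_HMAC_KEY') ?: '';   // assumed: secret set in the server environment
    $tok  = $_COOKIE[COOKIE_NAME] ?? '';
    $user = ($key !== '' && is_string($tok)) ? verify_token($tok, $key) : null;
    if ($user === null) { http_response_code(403); exit('Forbidden'); }
    $name = $_GET['file'] ?? '';
    $path = is_string($name) ? resolve_file($name) : null;
    if ($path === null) { http_response_code(404); exit('Not found'); }
    header('Content-Type: application/pdf');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}
```

The login handler would call `issue_token()` after checking the password against its stored hash and set the result with `setcookie()` using the `httponly` and `secure` options.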