User Tools

Site Tools

Trace:
securing_files_with_php_sessions

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
securing_files_with_php_sessions [2020/06/27 22:46] waxphilosophicsecuring_files_with_php_sessions [2020/07/02 11:20] (current) waxphilosophic
Line 3: Line 3:
 ===== Summary ===== ===== Summary =====
  
-I write ebooks. Some of them I publish. I like to improve my stories by getting feedback from beta readers before the stories get released. Sharing on a web site is an easy answer, but obviously I don't want to share with the entire world.+I write ebooks. Some of them I publish. I like to improve my stories by getting feedback from beta readers before sending them to the publisher. Sharing on a web site is an easy answer, but obviously I don't want to share with the entire world.
  
 Previously, I relied on a simple Apache .htaccess file to restrict a directory to only those who knew the shared password. Then, Nginx came along with it's "we don't do distributed configuration" attitude. Previously, I relied on a simple Apache .htaccess file to restrict a directory to only those who knew the shared password. Then, Nginx came along with it's "we don't do distributed configuration" attitude.
Line 155: Line 155:
     exit();     exit();
   }   }
 +?>
 </code> </code>
  
Line 163: Line 164:
 Good, you're paying attention. I mentioned from the start that my intention was secure ebooks from prying eyes. So far I've only managed to secure index.html at best. Good, you're paying attention. I mentioned from the start that my intention was secure ebooks from prying eyes. So far I've only managed to secure index.html at best.
  
-For the rest, I rely on a download.php script that can read the contents of any file from any directory it has permission to read from. This includes directories outside of the ~/html hierarchy. All I have to do is add the snippet of PHP code that checks for a valid session and the download.php script becomes password protected as well. And, since it's the only way I've provided to gain access to a file outside of ~/html, a direct link strategy won't work.+For the rest, I rely on a download.php script that can read the contents of any file from any directory it has permission to read from. This includes directories outside of the ~/html hierarchy. All I have to do is add the snippet of PHP code that checks for a valid session and the download.php script becomes password protected as well. And, since it's the only way I've provided to gain access to a file outside of ~/html, files can't be downloaded by a direct link.
  
 You can find it here: [[a_simple_php_sqlite_download_counter|A Simple PHP/SQLite Download Counter]] You can find it here: [[a_simple_php_sqlite_download_counter|A Simple PHP/SQLite Download Counter]]
Line 171: Line 172:
 This is just a simple example of protecting your files. There is a lot of room for improvement, but in terms of getting the job done quickly and easily, it's a good start. This is just a simple example of protecting your files. There is a lot of room for improvement, but in terms of getting the job done quickly and easily, it's a good start.
  
 +==== Reference ====
 +Concerning PHP Session Security: https://stackoverflow.com/questions/10165424/how-secure-are-php-sessions#10165602
  
securing_files_with_php_sessions.txt · Last modified: 2020/07/02 11:20 by waxphilosophic