Prohibiting direct file downloads
J. Landman Gay
jacque at hyperactivesw.com
Mon Oct 10 23:54:08 EDT 2011
I'm not sure if this is OT or not. I want a web page to deliver a file
when the user clicks on a download link, but I don't want the file
delivered if the direct URL is entered into the browser location bar.
I have a CGI that provides access to a download page for only those who
are authorized to be there, and who can enter correct credentials. The
hole in the system is that if they copy the download link from the
protected page and give it out, the file can be downloaded by anyone who
has that link.
I found some info about htaccess files that seems to indicate there is a
setting I can use to prevent that, but the examples I tried didn't work.
Does anyone know a way to do this? I'm not adverse to writing another
CGI if I have to, but it would be easier to let Apache handle it if
possible.
If not, has anyone delivered largish files via CGI (about 6 megs.) I've
never tried it. Can a CGI script just do a "put" of the file? This is
the old-style CGI engine, not the new irev server.
--
Jacqueline Landman Gay | jacque at hyperactivesw.com
HyperActive Software | http://www.hyperactivesw.com
More information about the use-livecode
mailing list