Prohibiting direct file downloads

J. Landman Gay jacque at hyperactivesw.com
Mon Oct 10 23:54:08 EDT 2011


I'm not sure if this is OT or not. I want a web page to deliver a file 
when the user clicks on a download link, but I don't want the file 
delivered if the direct URL is entered into the browser location bar.

I have a CGI that provides access to a download page for only those who 
are authorized to be there, and who can enter correct credentials. The 
hole in the system is that if they copy the download link from the 
protected page and give it out, the file can be downloaded by anyone who 
has that link.

I found some info about htaccess files that seems to indicate there is a 
setting I can use to prevent that, but the examples I tried didn't work.

Does anyone know a way to do this? I'm not adverse to writing another 
CGI if I have to, but it would be easier to let Apache handle it if 
possible.

If not, has anyone delivered largish files via CGI (about 6 megs.) I've 
never tried it. Can a CGI script just do a "put" of the file? This is 
the old-style CGI engine, not the new irev server.

-- 
Jacqueline Landman Gay         |     jacque at hyperactivesw.com
HyperActive Software           |     http://www.hyperactivesw.com




More information about the Use-livecode mailing list