[TriLUG] a webmastering question

Richard O. Hammer ROHammer at EarthLink.net
Tue Sep 16 19:08:26 EDT 2003


In my role as webmaster for a local organization 
<http://www.canecreekcloggers.org/>, I am trying to figure out how to 
serve MS Word files with HTTP to only those users who have 
authenticated themselves.

It seems like there ought to be an easy and obvious way but I haven't 
found it yet.  The site is running on Debian GNU/Linux, with Apache 
1.3.27 and PHP/4.3.

I can make a few steps toward the goal:
  . I can use sessions with PHP, and thereby allow only authenticated 
users beyond a certain point in any PHP script.
  . I can put .doc files on the server and open them just fine.  On my 
Windows computer both Netscape and IE do the right thing, opening the 
file in MS Word.
  . I can serve a .doc file to an authenticated user with the PHP 
virtual() function.

But every way that I have thought of so far has this weakness: an 
unauthenticated user could load the .doc file directly, without going 
through my PHP script, if that user happened to learn the URL of the 
.doc file.  My PHP scripts do not seem to have any more permissions to 
access files than the permissions which are granted to any browser.

Any suggestions?

Thanks,
Rich Hammer

P.S. have a good hurricane!





More information about the TriLUG mailing list