3 Replies - 548 Views - Last Post: 06 June 2012 - 04:18 PM

#1 nautica17  Icon User is offline

  • D.I.C Head

Reputation: 6
  • View blog
  • Posts: 155
  • Joined: 28-August 09

Restricting files for unauthorized users

Posted 03 June 2012 - 08:19 AM

Hi everyone, I've just gotten into web development and have run into the following issue, so forgive me if it's obvious. I've also searched for an answer everywhere and haven't found a solution yet.

Basically I'm making my own website but it has a private section in it that you log into with personal pictures and videos. I stream videos based on a link using the local machine's installed media player. Now, my question is how to prevent someone from just taking a link to say a video and viewing it if they are not logged in? Basically someone could guess a link theoretically and gain access.

Stuff I've tried so far:
-I have tweaked apache do restrict browsing of directories.

-I've also experimented with totally blocking access to files of certain formats by editing the httpd.conf file but that restricts those videos/pictures for everyone.

-Also tried hotlinking protection but that still blocked access for everyone. (I was certain this would work but apparently either I did something wrong or there is another way.)


Is there a way to manage file restrictions so that only logged in users have access to files? Do I have to change directory permissions where the files are?


My setup:
Ubuntu 12.04 Server
Apache2
PHP and MySQL to create my login authentication and store user data if that helps.

Is This A Good Question/Topic? 0
  • +

Replies To: Restricting files for unauthorized users

#2 TechnoBear  Icon User is offline

  • D.I.C Head

Reputation: 18
  • View blog
  • Posts: 222
  • Joined: 02-November 11

Re: Restricting files for unauthorized users

Posted 04 June 2012 - 12:39 PM

look into .htaccess I don't have anything to hand right now, try google, but that will require a login to access whichever folder(link) you choose to use it on.

Sorry i didn't have anything to hand but atleast you now have something you can look into. If you need more i can look at my setup a little later. Can't get into the web development computer until after 3:30pm CST
Was This Post Helpful? 1
  • +
  • -

#3 JackOfAllTrades  Icon User is offline

  • Saucy!
  • member icon

Reputation: 6063
  • View blog
  • Posts: 23,516
  • Joined: 23-August 08

Re: Restricting files for unauthorized users

Posted 04 June 2012 - 12:45 PM

Suggestion: Keep the files outside of the webserver's directories and serve them up only through a script.
Was This Post Helpful? 1
  • +
  • -

#4 nautica17  Icon User is offline

  • D.I.C Head

Reputation: 6
  • View blog
  • Posts: 155
  • Joined: 28-August 09

Re: Restricting files for unauthorized users

Posted 06 June 2012 - 04:18 PM

Thank-you, I will look into these suggestions.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1