[nautica17]

Hi everyone, I've just gotten into web development and have run into the following issue, so forgive me if it's obvious. I've also searched for an answer everywhere and haven't found a solution yet.

Basically I'm making my own website but it has a private section in it that you log into with personal pictures and videos. I stream videos based on a link using the local machine's installed media player. Now, my question is how to prevent someone from just taking a link to say a video and viewing it if they are not logged in? Basically someone could guess a link theoretically and gain access.

Stuff I've tried so far:
-I have tweaked apache do restrict browsing of directories.

-I've also experimented with totally blocking access to files of certain formats by editing the httpd.conf file but that restricts those videos/pictures for everyone.

-Also tried hotlinking protection but that still blocked access for everyone. (I was certain this would work but apparently either I did something wrong or there is another way.)


Is there a way to manage file restrictions so that only logged in users have access to files? Do I have to change directory permissions where the files are?


My setup:
Ubuntu 12.04 Server
Apache2
PHP and MySQL to create my login authentication and store user data if that helps.

[TechnoBear]

look into .htaccess I don't have anything to hand right now, try google, but that will require a login to access whichever folder(link) you choose to use it on.

Sorry i didn't have anything to hand but atleast you now have something you can look into. If you need more i can look at my setup a little later. Can't get into the web development computer until after 3:30pm CST

[JackOfAllTrades]

Suggestion: Keep the files outside of the webserver's directories and serve them up only through a script.

[nautica17]

Thank-you, I will look into these suggestions.