On Apr 11, 2006, at 4:27 AM, Giovanni I. wrote:
> How can I allow people to download files only if they’re
> authorised? I obviously can’t store all the files in /public
> because once someone figures the naming scheme they’re able to view
> other customers’ data.

Although probably not the best way, this worked well for me because I
had literally thousands of different files which needed authorized
access. Each account only had access to a unique subset of those
thousands of files, and some files were larger than 1 GB. I was using
Apache, so I don’t know how well this will work with lighttpd. This
is how I did it:
- Place the secure files into a private directory.
- When an account needs access to a file, create a public directory
with a unique name (impossible to guess).
- Create a symbolic link in the new public directory linking to the
file in the private directory.
- When you want the link to expire, just remove the sym link and/or
Of course, this was all scripted so nothing had to be done manually.
If you are just dealing with small files or only one file, there are
definitely better ways to handle this.
Hope that helps.
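
The procedure described in the reply above, sketched in Ruby as an added example; it is not the poster's script. The class name, the `dl/` prefix and the directory layout are hypothetical, and it assumes the web server follows symlinks and has directory listing disabled under the public root.

```ruby
require "securerandom"
require "fileutils"

# Hypothetical helper: private files live outside the web root,
# per-grant directories live under <public_root>/dl/<token>/.
class DownloadGrants
  TOKEN_BYTES = 32 # 256 bits from the OS CSPRNG, so the name cannot be guessed

  def initialize(private_root, public_root)
    @private_root = File.realpath(private_root)
    @grant_root = File.join(public_root, "dl")
    FileUtils.mkdir_p(@grant_root)
  end

  # Creates the unguessable directory and the symlink; returns the URL path to hand out.
  def grant(relative_path)
    target = File.realpath(File.join(@private_root, relative_path))
    # Refuse anything that resolves outside the private directory (e.g. "../").
    unless target.start_with?(@private_root + File::SEPARATOR) && File.file?(target)
      raise ArgumentError, "not a file inside the private directory"
    end
    token = SecureRandom.urlsafe_base64(TOKEN_BYTES)
    dir = File.join(@grant_root, token)
    Dir.mkdir(dir, 0o755)
    File.symlink(target, File.join(dir, File.basename(target)))
    "/dl/#{token}/#{File.basename(target)}"
  end

  # Revokes one grant by removing the link and its directory; the private file stays.
  def revoke(url_path)
    token = url_path.split("/")[2].to_s
    return false unless /\A[A-Za-z0-9_-]+\z/.match?(token)
    dir = File.join(@grant_root, token)
    return false unless File.directory?(dir)
    FileUtils.remove_entry(dir)
    true
  end

  # Removes every grant directory older than max_age seconds; returns how many.
  def expire(max_age, now = Time.now)
    old = Dir.children(@grant_root).select do |t|
      now - File.lstat(File.join(@grant_root, t)).mtime > max_age
    end
    old.each { |t| FileUtils.remove_entry(File.join(@grant_root, t)) }
    old.size
  end
end
```

Anyone who obtains the URL can download the file until the link is removed, so the authorization check has to happen before `grant` is called and `expire` should run on a schedule.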