I want to know more about downloading a file when the directory is protected by HTTP digest authentication.
In fact when I use a PHP script that changes headers to directly download this file, I can download this file without needing to authenticate with HTTP authentication. Why is this? I’m running Apache 2.2 with PHP 5.3 on Debian.
The thing is that the HTTP authentication is set by Apache, but the PHP script can access ANY file on your server, since it’s a local read, not remote.
If you don’t want your script to access the file if not authenticated, you should also implement the authentication in the script, not only on the files.
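
One way to do what the answer describes, as an added example that is not part of the original post: the download script verifies HTTP Digest credentials itself before it reads the file, and only serves plain file names from one directory. It assumes PHP 7 or later running as an Apache module, with the script's own URL not already covered by an Apache `AuthType` directive; the realm, user entry, nonce secret, directory and `file` parameter are hypothetical.

```php
<?php
// Added example: enforce HTTP Digest (RFC 2617, qop=auth) inside the download script.
// Constructed placeholders (assumptions): realm, user entry, nonce secret, directory.
$realm   = 'Protected downloads';
$users   = ['alice' => md5("alice:$realm:change-me")]; // HA1, as an htdigest file stores it
$secret  = 'replace-with-a-long-random-value';         // keys the nonce HMAC
$baseDir = '/var/www/protected';
function make_nonce($secret) {
    $ts = (string) time();
    return $ts . ':' . hash_hmac('sha256', $ts, $secret);
}
function nonce_ok($nonce, $secret, $maxAge = 300) {
    // Accept only nonces this server issued (HMAC matches) within the last $maxAge seconds.
    $p = explode(':', $nonce, 2);
    return count($p) === 2 && ctype_digit($p[0]) && (time() - (int) $p[0]) <= $maxAge
        && hash_equals(hash_hmac('sha256', $p[0], $secret), $p[1]);
}
function parse_digest($header) {
    $data = [];
    preg_match_all('/(\w+)=(?:"([^"]*)"|([^\s,]+))/', $header, $m, PREG_SET_ORDER);
    foreach ($m as $f) { $data[$f[1]] = $f[3] ?? $f[2]; }
    $need = ['username', 'nonce', 'nc', 'cnonce', 'qop', 'uri', 'response'];
    return array_diff($need, array_keys($data)) ? null : $data;
}
function digest_ok($d, $users, $secret, $method, $requestUri) {
    if ($d === null || !isset($users[$d['username']])) return false;
    if ($d['qop'] !== 'auth' || $d['uri'] !== $requestUri) return false;
    if (!nonce_ok($d['nonce'], $secret)) return false;
    $ha2 = md5($method . ':' . $d['uri']);
    $expected = md5("{$users[$d['username']]}:{$d['nonce']}:{$d['nc']}:{$d['cnonce']}:auth:$ha2");
    return hash_equals($expected, strtolower($d['response'])); // nc replay is not tracked here
}

$digest = parse_digest($_SERVER['PHP_AUTH_DIGEST'] ?? '');
if (!digest_ok($digest, $users, $secret, $_SERVER['REQUEST_METHOD'], $_SERVER['REQUEST_URI'])) {
    header('HTTP/1.1 401 Unauthorized');
    header(sprintf('WWW-Authenticate: Digest realm="%s",qop="auth",nonce="%s"',
                   $realm, make_nonce($secret)));
    exit('Authentication required');
}
// Authenticated: serve only plain, non-dot file names that sit directly in $baseDir.
$name = basename($_GET['file'] ?? '');
$path = $baseDir . '/' . $name;
if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]*\z/', $name) || !is_file($path)) {
    header('HTTP/1.1 404 Not Found');
    exit('Not found');
}
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $name . '"');
readfile($path);
```

The file-name check rejects dot files, so `.htaccess` or a password file kept in the same directory is never served even to an authenticated user.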