I’m writing a web application that allows users to upload their files to the app. The file will be uploaded to the HTTP server after the user clicks the “upload” button. The user can receive the file by getting it from the path… for example: http://www.demo.com/user/abc/download/the_file.jpg
But I found that anyone can access this file using the path. What can I do, or is there a better way to manage the files so that only registered users or the file owner can download the file?
Serving a file directly within a script is not an option because of performance issues and it’s not really possible to serve BIG files because of memory limits.
The best option is to use the Apache module mod_xsendfile. The idea is to redirect all requests to a PHP/Perl/Python script which will just set an HTTP header saying “Hey Apache, serve this file instead” and mod_xsendfile will take care of it.
And the client will never be able to download the file without this authentication.
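A sketch of the pattern this answer describes, added here as an example and not part of the original post: a Python WSGI script that authenticates the request, checks ownership, and only then emits the `X-Sendfile` header. `UPLOAD_ROOT`, the `session` cookie name, and the `SESSIONS` and `FILE_OWNERS` tables are hypothetical stand-ins for the application's own storage.

```python
import posixpath
from http.cookies import SimpleCookie

# Assumed layout: uploads live outside DocumentRoot, in a directory that
# mod_xsendfile is allowed to serve from (its XSendFilePath directive).
UPLOAD_ROOT = "/srv/app-uploads"
# Constructed sample data standing in for the session store and file table.
SESSIONS = {"token-alice": "alice", "token-bob": "bob"}
FILE_OWNERS = {"abc/the_file.jpg": "alice"}

def resolve_download(user, relpath):
    """Decide what to answer; returns (status, headers)."""
    if user is None:
        return "401 Unauthorized", []
    # Normalise, then refuse anything that escapes UPLOAD_ROOT ("../", "/etc/...").
    full = posixpath.normpath(posixpath.join(UPLOAD_ROOT, relpath))
    if not full.startswith(UPLOAD_ROOT + "/"):
        return "400 Bad Request", []
    key = full[len(UPLOAD_ROOT) + 1:]
    # Same answer for "no such file" and "not yours", so names cannot be probed.
    if FILE_OWNERS.get(key) != user:
        return "404 Not Found", []
    return "200 OK", [
        ("X-Sendfile", full),  # Apache replaces the body with this file
        ("Content-Type", "application/octet-stream"),
        ("Content-Disposition", "attachment"),
        ("X-Content-Type-Options", "nosniff"),
    ]

def application(environ, start_response):
    """WSGI entry point that the download URLs are routed to."""
    cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    token = cookie["session"].value if "session" in cookie else None
    user = SESSIONS.get(token)
    status, headers = resolve_download(user, environ.get("PATH_INFO", "").lstrip("/"))
    start_response(status, headers)
    return [b""]  # empty body: mod_xsendfile streams the file itself
```

The upload directory has to sit outside the web root; otherwise the original direct URL keeps working and bypasses the check.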