brink668
Posts: 11
|
| Posted: 05/01/2009, 7:50 AM |
|
Is it at all possible to restrict certain users from being able to view a folder? Like for example
Http://localhost/folder2/
I want certain users to view the content of the folders, but other users not to be allowed access. I already have usergroups in place. Thanks
|
 |
 |
melvyn
Posts: 333
|
| Posted: 05/01/2009, 9:19 AM |
|
1) You can restrict them with apache.
2) You can place there an index.php page which redirect the user to a proper place according to it's groups settings.
3) You can place a blank (empty) index.html file which will prevent directory listing.
I guess you can be more confiden with the second, so you can simple place and index and when the user isn't allowed simple redirect to somewhere.
The first one can be effective, and you can do it setting in apache or modify at runtime:
<Directory /folder2/>
Options FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all
</Directory>
As above everbody get access to listing the 'folder2' content
<Directory /folder2/>
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
Now nobody can list it's content now. Anyways you can set permissions for the last one allowing some users setting in apache.
Again: I reccomend the second option: the index.php
_________________
Melvyn Perez
Puro Codigo
http://purocodigo.com |
|
|
|
brink668
Posts: 11
|
| Posted: 05/01/2009, 9:54 AM |
|
thanks for the response, I ended up doing, index.php as i thought folder restrictions that might get crazy. Figured I might as well ask, as you never know if theres another way.
|
|
|
|
DonP
|
| Posted: 05/01/2009, 12:33 PM |
|
The index.html file will prevent casual directory browsing but, as far
as I know, only an .htaccess entry will truly secure the folder from
having the files found by search engines. This, of course, would make
things a little more difficult for the folders' legitimate users without
some very custom coding.
Don (DonP)
brink668 wrote:
> Is it at all possible to restrict certain users from being able to view a
> folder? Like for example
>
> Http://localhost/folder2/
>
> I want certain users to view the content of the folders, but other users not to
> be allowed access. I already have usergroups in place. Thanks
> ---------------------------------------
> Sent from YesSoftware forum
> http://forums.codecharge.com/
>
|
|
|
|
melvyn
Posts: 333
|
| Posted: 05/01/2009, 1:15 PM |
|
Quote DonP:
The index.html file will prevent casual directory browsing but, as far
as I know, only an .htaccess entry will truly secure the folder from
having the files found by search engines. This, of course, would make
things a little more difficult for the folders' legitimate users without
some very custom coding.
Don (DonP)
If the page is protected how the search engine will find its content ?
If there isn't any link to page search engine will not find it.
Password protection provided by CCS will prevent search engine.
_________________
Melvyn Perez
Puro Codigo
http://purocodigo.com |
|
|
|
DonP
|
| Posted: 05/18/2009, 8:02 PM |
|
Admittedly I am not an expert in security but I know from experience
that some search engines pillage and plunder every single document on a
site that was not physically blocked by the server: ie by .htaccess or
specific file permissions. Case in point was the spider for the Excite
search engine. Headers and other coding to say to "stay out" did no good
and even links to information within scripts (I was using Perl at the
time) were being indexed and added to their database! That was a long
time ago and maybe they've changed their ways but somehow I doubt it. I
would rather err on the side of safety if something is critical and not
rely on coding within a script to protect it.
Don (DonP)
melvyn wrote:
> Quote DonP:
> The index.html file will prevent casual directory browsing but, as far
> as I know, only an .htaccess entry will truly secure the folder from
> having the files found by search engines. This, of course, would make
> things a little more difficult for the folders' legitimate users without
> some very custom coding.
>
> Don (DonP)
>
>
> If the page is protected how the search engine will find its content ?
> If there isn't any link to page search engine will not find it.
>
> Password protection provided by CCS will prevent search engine.
> _________________
> Melvyn Perez
> Puro Codigo
> http://www.purocodigo.com
> ---------------------------------------
> Sent from YesSoftware forum
> http://forums.yessoftware.com/
>
|
|
|
|
|
