[ic] Downloadable softgoods - my solution

Gabriel Cooper gabriel.cooper at mediapulse.com
Mon Jul 14 17:00:28 EDT 2003


Russell Mann wrote:

>I don't want to allow open Indexes.  This would compromise security on the
>products.  Do you have open indexes for this solution?

I do a Perl readdir() to grab the list of files in the directory then 
pump them out as links on a generated HTML page. Either way (yours, 
where the list is compiled or mine, where the list is generated) they 
still know the filename. The important thing is that they can't do 
anything with that information.

Though, even if the user knew the exact path to the document (which the 
user doesn't, in either case), how would he get access to it without 
logging in and thus validating himself? e.g. if you knew the file was 
physically located in 
/home/sites/mysite.com/digitaldocs/sku123/my_secure_document.doc, how 
would you get to it illegitimately?
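
The approach described in the message above, sketched as an added example that is not part of the original post or of Interchange: the file list comes from readdir(), the links point at a script, and a path is handed back only after the session is validated. The `/download` URL, the session hash layout and the sub names are hypothetical, and the directory tree is constructed in a temp dir.

```perl
use strict; use warnings;
use Cwd qw(realpath);
use File::Temp qw(tempdir);

# Constructed stand-in for a digitaldocs directory kept outside the web root.
my $DOCS = realpath(tempdir(CLEANUP => 1));
mkdir "$DOCS/sku123" or die "mkdir: $!";
open(my $out, '>', "$DOCS/sku123/my_secure_document.doc") or die "open: $!";
print {$out} "constructed sample\n";
close $out;

# readdir() one SKU directory; keep plain files only, never dotfiles.
sub list_files {
    my ($sku) = @_;
    return () unless defined $sku && $sku =~ /\A\w+\z/;
    opendir(my $dh, "$DOCS/$sku") or return ();
    my @files = sort grep { !/\A\./ && -f "$DOCS/$sku/$_" } readdir $dh;
    closedir $dh;
    return @files;
}

# Generated page: each link names a script (hypothetical /download), not a path.
sub links_html {
    my ($sku) = @_;
    return join '', map {
        (my $q = $_) =~ s/([^A-Za-z0-9._-])/sprintf '%%%02X', ord $1/ge;
        (my $t = $_) =~ s/([&<>"])/sprintf '&#%d;', ord $1/ge;
        qq{<a href="/download?sku=$sku&amp;file=$q">$t</a>\n};
    } list_files($sku);
}

# Return a path only for a logged-in buyer and a name readdir() itself listed.
sub resolve_download {
    my ($session, $sku, $file) = @_;
    return unless $session->{logged_in} && defined $sku && $session->{purchased}{$sku};
    return unless defined $file && grep { $_ eq $file } list_files($sku);
    my $real = realpath("$DOCS/$sku/$file");    # resolves symlinks
    return unless defined $real && index($real, "$DOCS/$sku/") == 0;
    return $real;
}

my %buyer = (logged_in => 1, purchased => { sku123 => 1 });
print links_html('sku123');
for my $try ([\%buyer, 'my_secure_document.doc'], [{}, 'my_secure_document.doc'],
             [\%buyer, '../sku999/other.doc']) {
    my $path = resolve_download($try->[0], 'sku123', $try->[1]);
    printf "%-5s %-24s %s\n", ($try->[0]{logged_in} ? 'buyer' : 'anon'), $try->[1], defined $path ? 'serve' : 'refuse';
}
```

Because the requested name must match an entry that readdir() returned for a SKU the session has purchased, knowing the filename alone gets a visitor nothing; the script would stream the file itself rather than redirect to a web-reachable location.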


