Solved

Authenticate an .exe file

Posted on 2004-04-22
2
209 Views
Last Modified: 2008-07-03
Hello,

Using PHP/MySQL I have a login form.  When a user successfuly logs in a session is established and they are redirected to a downloads page. This downloads page checks to ensure the session is established.  If it is, then the user can view the possible downloads.  One of the downloads is a .exe file.  Well, how can I ensure that the .exe link is authenticated as well?  For example, what is the user types in the address bar www.website.com/downloads/program.exe without logging in.  Well, in theory they have bypassed the authentication process and are able to get to the .exe.

Thanks in advance.
0
Comment
Question by:rudyflyer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 6

Accepted Solution

by:
CosminB earned 125 total points
ID: 10896628
you can put your files outside your webserver's directory and download them width a download script
smth. like this
======= download list ==========
<a href="download.php?file=file1.exe">
<a href="download.php?file=file2.exe">
<a href="download.php?file=file3.exe">

======= download script ========
<?php
header('Content-type: ...'); //you can find the apropiate headers on http://www.php.net/header

if ($_GET['file'] == 'file1.exe')
   readfile('/path/to/your/downloads/file1.exe')

?>
0
 
LVL 10

Expert Comment

by:eeBlueShadow
ID: 10899111
Like CosminB says, what you essentially do is to sit the file somewhere on your server and collect it through PHP. This also has the advantage that you use the PHP file to update a counter for example, of how many times each file was downloaded

One extension to this is that you don't actually have to move the exe files. Create a file called .htaccess in the same folder as the .exes (or add the following lines to the file if it already exists)

<Files *.exe>
    Order deny,allow
    Deny from all
</Files>

This will make it impossible for people to get directly to the program files (assumes the server is Apache)
0

Featured Post

Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question