Solved

Authenticate an .exe file

Posted on 2004-04-22
2
193 Views
Last Modified: 2008-07-03
Hello,

Using PHP/MySQL I have a login form.  When a user successfuly logs in a session is established and they are redirected to a downloads page. This downloads page checks to ensure the session is established.  If it is, then the user can view the possible downloads.  One of the downloads is a .exe file.  Well, how can I ensure that the .exe link is authenticated as well?  For example, what is the user types in the address bar www.website.com/downloads/program.exe without logging in.  Well, in theory they have bypassed the authentication process and are able to get to the .exe.

Thanks in advance.
0
Comment
Question by:rudyflyer
2 Comments
 
LVL 6

Accepted Solution

by:
CosminB earned 125 total points
ID: 10896628
you can put your files outside your webserver's directory and download them width a download script
smth. like this
======= download list ==========
<a href="download.php?file=file1.exe">
<a href="download.php?file=file2.exe">
<a href="download.php?file=file3.exe">

======= download script ========
<?php
header('Content-type: ...'); //you can find the apropiate headers on http://www.php.net/header

if ($_GET['file'] == 'file1.exe')
   readfile('/path/to/your/downloads/file1.exe')

?>
0
 
LVL 10

Expert Comment

by:eeBlueShadow
ID: 10899111
Like CosminB says, what you essentially do is to sit the file somewhere on your server and collect it through PHP. This also has the advantage that you use the PHP file to update a counter for example, of how many times each file was downloaded

One extension to this is that you don't actually have to move the exe files. Create a file called .htaccess in the same folder as the .exes (or add the following lines to the file if it already exists)

<Files *.exe>
    Order deny,allow
    Deny from all
</Files>

This will make it impossible for people to get directly to the program files (assumes the server is Apache)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to count occurrences of each item in an array.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now