TP-Docs
HTML5 Icon HTML5 Icon HTML5 Icon
TP on Social Media

Recent

User

Welcome to TinyPortal. Please login or sign up.

Stats

Members
  • Total Members: 3,966
  • Latest: safir45
Stats
  • Total Posts: 195,982
  • Total Topics: 21,320
  • Online today: 278
  • Online ever: 8,223 (February 19, 2025, 04:35:35 AM)
Users Online
  • Users: 0
  • Guests: 281
  • Total: 281

remove .htaccess from tp-downloads directory?

Started by jamesk, December 14, 2007, 06:00:20 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

jamesk

December 14, 2007, 06:00:20 PM Last Edit: December 15, 2007, 02:45:05 PM by jamesk
Is removing the .htaccess from the tp-downloads directory ok (from a security standpoint)?

What I'm looking to do is have certain allowed members upload files, but anyone download from outside the forum (ie main site)...

My thought is to use PHP's built-in readdir() or glob() function to read the tp-downloads directory and run a foreach loop to link to each file.

I'm thinking of doing it this way as I want to keep track of who uploaded which file...

G6Cad

#1
December 14, 2007, 06:05:34 PM
Not quite so good no, that file is the file that prevent anyone from downloading your content directly with out any controll what so ever, so you should leave that file alone in there.

jamesk

#2
December 14, 2007, 06:23:19 PM Last Edit: December 14, 2007, 06:38:16 PM by jamesk
Yes, but I WANT anyone to be able to download.

I just want to be able to control what goes INTO the directory...

I'm just wondering if I'm opening up other security issues, not who downloads from the directory.

IchBin

#3
December 14, 2007, 07:26:59 PM
It will do what you want. But that means people can hotlink your stuff on other sites without you knowing.

jamesk

#4
December 14, 2007, 07:58:47 PM Last Edit: December 14, 2007, 08:02:23 PM by jamesk
Thanks...  I just wanted to make sure there was nothing special about the tp-downloads directory.  The download files themselves are just going to be .doc/.txt files for something similar to a newsletter, so the more downloads (even from other site hotlinks), the better (for now at least).

I guess the real downside to doing it this way is that it renders the permissions in the DL manager useless  :-\ 

I just can't think of a better way to have some control on who uploads to the site, and an automated way to make the uploads available to download for people who aren't very computer literate...

Actually, now that I think about it, maybe I can maneuver the TPdlmanager.template.php so that it looks like just a regular page with a listing of downloads/links...

Thanks again...

Oh, one thing:

QuoteBut that means people can hotlink your stuff on other sites without you knowing.

Wouldn't they be able to do that anyways if I left the download option open to guests?

IchBin

#5
December 14, 2007, 08:48:25 PM
No, because the .htaccess file only allows the domain its on for downloading. Any domain that is outside the downloads domain is not allowed to hotlink.
Print
Go Up Pages1
User actions

This website is proudly hosted on Crocweb Cloud Website Hosting.