限制文件下载 [英] Restricting file downloads
问题描述
购买完成后,客户应该被带到包含下载链接的页面,以及接收包含下载链接的电子邮件和包含将为他们创建的帐户的信息的电子邮件(他们也可以从其帐户的控制面板下载) 。我想知道的是我如何隐藏/掩盖文件在我的服务器上的位置,以便购买它的人不能简单地将直接链接复制到其他位置的文件。即使我要求下载文件链接 http://example.com/blah / download / 454643 ,一个不符合文件实际位置的URL,我认为可能仍然可以在服务器上找到该文件?我真的不太了解权限如何在我的服务器上工作,这就是为什么我问。感谢提前:)
您基本上不向用户提供该文件的直接URL。基于服务器的权限在这里没有任何关系。
假设您将所需的文件保存在/data/files/file.pdf(存储文件的良好做法)的网页)。
您可以为用户提供一个下载链接,看起来像/download.php?auth=32
当用户点击链接时,download.php将检查会话/ cookie是否被验证,并且下载ID是否有效(如果您有基于时间的下载过期)
然后download.php将从其位置读取所需的文件,并将其发送到浏览器头部强制下载。
I'm currently creating a website for a client that will basically involve selling various files. This is obviously a really common thing to do, which is making me feel kind of foolish for not thinking of a method for doing it.
Once the purchase has been made the customer should be taken to a page containing the download link, as well as receiving emails that contain a download link and an email with information about an account that will be created for them (they will also be able to download from their account's control panel). What I'm trying to figure out is how I can hide/obscure the file's location on my server so that one person who buys it can't simply copy and paste the direct link to the file elsewhere. Even if I make the request to download a file a link of the format http://example.com/blah/download/454643, a URL which does not correspond to the actual location of the file, I think it might still be possible to locate the file on the server? I don't really understand too much about how permissions work on my server, which is why I ask. Thanks in advance :)
You basically don't give the users the direct URL to the file. Server based permissions have nothing to do here.
Say you have the required file(s) saved in /data/files/file.pdf (good practice to store files out of your web root). You can provide the users a link to download which looks something like /download.php?auth=32
When a user clicks the link, download.php will check if the session/cookie is authenticated and if the download id is valid (in case you have time based download expiry) Then download.php will read the required file from its location and send it to the browser with appropriate headers to force download.
这篇关于限制文件下载的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
