homepage Welcome to WebmasterWorld Guest from 54.166.53.169
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / WebmasterWorld / New To Web Development
Forum Library, Charter, Moderators: brotherhood of lan & mack

New To Web Development Forum

    
Redirect/Limit Access to Files
How should this be done?
madcat

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 321 posted 11:52 pm on Feb 8, 2003 (gmt 0)

Hi everyone,

Not quite sure on where this one should go. I have a small application on my hosts server (Unix), that has about 10 regular html/php pages. The admin needs access to all pages, while users should only be able to view certain pages.

Rather than go into detail and get everyone confused, what might be some ways to approach this? Would I have to put each file in its own directory for read permissions? Should I have a separate login for users that redirects them to the correct portion of the application?

Thanks for any help on this!

 

Key_Master

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 321 posted 12:05 am on Feb 9, 2003 (gmt 0)

Does the admin have a static IP from his or her ISP?

andreasfriedrich

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 321 posted 12:33 am on Feb 9, 2003 (gmt 0)

madcat [webmasterworld.com] wrote at 11:52 on Feb. 09, 2003 in message #1 [webmasterworld.com]
Would I have to put each file in its own directory for read permissions? Should I have a separate login for users that redirects them to the correct portion of the application?

This will depend on the method you choose to restrict access. You could do it at the application level, web server level, or even the filesystem level.

At the application level youŽd determine at login time which access level the user has. Then when a request comes in youŽd check whether the userŽs access level is high enough to be granted access to the requested resource.

At the webserver level you could use AuthGroupFile [httpd.apache.org] and AuthUserFile [httpd.apache.org] to tell [url=http://httpd.apache.org/]Apache [httpd.apache.org][/url] about your users and groups and then Require [httpd.apache.org] the right user or group to access a directory.

At the fs level you could use a setuid wrapper script that will assume the required identity to access its files on the server.

Andreas

madcat

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 321 posted 6:48 pm on Feb 16, 2003 (gmt 0)

Thanks for your help. Just out of curiousity, which method do you believe works the best.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / New To Web Development
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved