Welcome to WebmasterWorld Guest from 184.108.40.206
Forum Moderators: open
But I want to prevent the client from downloading the file.
If you would prevent this, the browser couldn't access it either, rendering your whole script useless.
I know it's difficult to accept, but anything that can (and should) be read by your browser can be read/downloaded by the client/visitor
Unfortunately, my redirection does not work with links, using HTTP_REFERER. Any ideas on this. As in, even if download prevention is not possible, how can I force a redirection from a hyperlink. In other words, I want my script to only recognise requests from the <script> tag.
Thanks in advance.
I think there is a solution to your problem though (if i understand it correctly).
If this is your php-script:
that looks somewhat like this:
$_SESSION['checkAccess'] = md5(mktime());
if (isset($_GET['ca']) && isset($_SESSION['checkAccess']) && $_GET['ca'] == $_SESSION['checkAccess'])
// output script
echo "alert('you are not allowed to access this script');
if this does not make sense let me know and i'll explain it
That's in no way perfect protection, but it will put off the casual snooper, and for anyone with enough skill to "reverse engineer" it, the time required might cause them to find more productive things to do.
Regarding the linking thing, one approach would be to do some referer and cookie based checking, so that e.g. the JS file can only be fetched by a client within X seconds of the HTML page being retrieved. Again, not hackproof though.
regarding the referer and cookie thing: i would advise against that. Like i said before: referers are sometimes not even passed on by the browser and besides the fact that cookies are easy to alter, they could also be disabled and then your script won't work anymore.
i think the php-session thing i proposed is a far more stable solution
zCat's suggestion of obfuscation seems like a good idea. Thanks a lot indeed.