Results 1 to 2 of 2
  1. #1
    Join Date
    Mar 2007

    Unanswered: How to secure a web folder?


    I have a site where I would like to store some files in a folder and for only authenticated users to have access to the files in that folder? Does any body know how to secure a folder in this manner? I know you can do something simliar using basic http authentication but this pops up an ugly dialogue box asking for username/password. Is there a way to check if a user is authenticated on the server side and if validated the user can have access to the files?


    if user is authenitcated then and only then should they be allowed to access myfile.doc

  2. #2
    Join Date
    May 2009
    Quote Originally Posted by maneetpuri

    As you do not want to use HTTP Authentication, what you can do is create a login page and give URL of the same to the users you want to share these files. Then you will have to create the a database of username & passwords, which will be used by your users to login and for your application to authenticate the user, once logged in then you can parse the directry listing of this folder and show links to the users to downalod or open these files.

    Hope this helps.



    Maneet, nice answer!

    Indeed, you will need to create a login script that authenticates users. The username/passwords can be stored on a text file or database. The passwords should be stored encrypted (on the text file or database).

    The directory with the secret files should be password protected (with web server mechanisms).

    Additionally, you will need a script that lists the content of the protected file
    directory and another one that serves the protected files.

    1. Only the scripts have access to the protected directory.
    2. The users need not to know about the protected directory.
    3. The users see the listing of the protected directory through a script.
    4. The protected files are served by a script.
    5. The script can be written in ASP.NET, PHP, JSP, Python, etc.

    For example:
    1. User login via
    2. User sees directory listing via
    3. User download a file via

    The script get_file.php has (read) access to the protected directory.

    I can show you an implementation in PHP, if you need. Just let me know.

    Leonel Machava
    Last edited by leonel.machava; 05-15-09 at 15:23.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts