I'm writing a script that will allow certain users to download certain files.
But I'm unsure how I can make this as secure as possible. I have 3 ideas on how I can do this, but I want to hear if anybody here has comments or other smarter solutions.
1. E-Mail the file
When a user presses the download link, the file will be emailed to the user. This is bad if the file is big and the user has a Hotmail account.
2. "Stream" the file to the client
A user presses the download link, and the file is opened by a PHP script, read and sent directly to the user. I have to send specific headers, depending on the file type. This often causes problems when you want to save a file: it is named after the PHP script, and not the original file name.
3. Copy the file to a temporary folder, download it just the way you download any other file
A user presses the download link. The file is copied to a folder named like this: md5(microtime()). The user can download the file just as he pleases. But other people could also download it. I could password protect this directory. But then the script requires Apache, AllowOverride and all sorts of other stuff. I don't want that. I also have to write a script that removes old folders. I don't want that either.
Any other smart solutions or suggestions are highly appreciated.
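
Option 2 from the post, as an added example that is not part of the original post: a PHP download script that checks the user's permission and sends a `Content-Disposition` header so the browser saves the file under its original name instead of the script's name. The storage path, the `$catalog` array and the `user_id` session key are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. Assumptions: files live outside the
// web root in $storageDir, the login code sets $_SESSION['user_id'], and
// $catalog stands in for a database table mapping file ids to stored files,
// display names and permitted users.
declare(strict_types=1);
session_start();

$storageDir = '/srv/private-files';   // hypothetical path, not web-accessible
$catalog = [                          // constructed sample data
    'report-2024' => ['stored' => 'a1.bin', 'name' => 'Annual report.pdf', 'users' => [7, 12]],
];

$id    = (string)($_GET['id'] ?? '');
$entry = $catalog[$id] ?? null;
$user  = $_SESSION['user_id'] ?? null;

// The client only ever supplies an id, never a path, so there is nothing
// to traverse. Unknown ids and unauthorised users get the same answer.
if ($entry === null || $user === null || !in_array($user, $entry['users'], true)) {
    http_response_code(403);
    exit('Not allowed');
}

$path = $storageDir . '/' . $entry['stored'];
if (!is_file($path) || !is_readable($path)) {
    http_response_code(404);
    exit('Not found');
}

// ASCII fallback name with anything that could break the header replaced.
$asciiName = preg_replace('/[^A-Za-z0-9._ -]/', '_', $entry['name']);

header('Content-Type: application/octet-stream');  // generic type: save, do not render
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="' . $asciiName . '"; '
     . "filename*=UTF-8''" . rawurlencode($entry['name']));
header('Content-Length: ' . (string)filesize($path));
header('Cache-Control: private, no-store');

// Drop output buffers so a large file is streamed instead of held in memory.
while (ob_get_level() > 0) {
    ob_end_clean();
}
readfile($path);
exit;
```

Because the file is never copied into a public folder, there are no temporary directories to protect or clean up.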