Integrating Member Database to Protect File Access From Public

Someone I know uses a hosting service to password protect folders from being indexed via the hosting service. Downside, someone who Google’s a specific file (.pdf) from that folder can still get access to it (which is bad). Only members (over 100) are allowed to access these files.

The member database is used to give access to members to their membership section. But how can I integrate that database of username/passwords to only allow those users to download the .pdfs instead of outsiders? I assume I would have to create an .htaccess file. But how would that file be set up? Editing the .htaccess for each and every member’s access is pretty much out of the question because the membership changes as well has these users passwords (high maintenance).

Any suggestions?

Obviously too big of a risk.

Place the documents outside of the www root, then use PHP to read the file data and serve it to the user (if allowed).

No .htaccess needed. :slight_smile:


I agree.

Of course if access above the root is not possible (since some hosts don’t allow it) then the next best alternative is to use a folder within the root, use .htaccess in that folder to specify that it is password protected, and then not supply any valid logins so that there is no way to login to that folder. You can then use PHP the same way as you would if the files were above the root to read them from that folder and deliver them to your logged in users.

So if access above the root isn’t possible then you can still achieve almost the same thing using a .htaccess file.

You could dynamically manage .htpasswd, Downside is you have to give it write permissions.

why is it not possible? I would agree this would be the best solution if you can get it working.

Doesn’t seem like it would be possible. I just checked. Any other alternative?