how to protect a file from regular URL Access

Hi there, my head is spinning from this logical problem

ok, here is the problem, I require a user to be logged into website, then they can get a link which points to a file (the admin has recently uploaded (its a pdf document). ok thats simple right....well "what if" another user knows the filename of that document and also knows the website address where that file would be uploaded to. this means they they would not need to be logged into the website. they can simple go directly to that file..this ia really important to me that i can stop this type of access..

obviously cannot do theis using file permissions of folders in FTP client because that means the link i provide on ther website will also not be able to access the same file.

I have thought about .htaccess but i dont know what to change in that file. I thought about "masking" the filename or directory name but having no success with that at the moment. if the solution is .htaccess then not sure if the bottom of the browser would still display the true link.

also it is documented that i upload files off the website root. however how cna i do this? I am using a shared hosting. so how could i access off the site root?

chris

the only way to protect the file from URL access is to place it outside of the web root.

Contact your host to see what your options are for creating a location outside of the webroot for storing files. If they will not allow for storing files outside of the web root, you will need to find another hosting option.

ok that does make sense. once i have found a hosting that will allow me to do this, could you give me an example on how i could use php code to reference a file outside the web root? (at the moment i am storing the file name in a database field and using it as dynamic link text on my page...but how would i change this so that it references outside my web root??

chris

Use the Download File behavior built into Universal Email.