ala888 Posted August 3, 2014 Share Posted August 3, 2014 is there any fundamental difference between these two approaches to limiting access? which one is better?/safer ? Link to comment Share on other sites More sharing options...
niche Posted August 3, 2014 Share Posted August 3, 2014 htaccess : reflected in its name - was to allow per-directory access control from web follow the link for configuring htaccess : http://www.freewebmasterhelp.com/tutorials/htaccess/1 chmod : change file access permissions(for read, write and execute), for the user, group, other on the operating system Link to comment Share on other sites More sharing options...
justsomeguy Posted August 4, 2014 Share Posted August 4, 2014 htaccess and file permissions don't have a lot to do with each other. If you have a file that you need to be accessible online then you need to give the web server permission to read that file, which is the file mode. You could use htaccess to require a username and password, for example, but the web server won't be able to read the file at all if it doesn't have access. File permissions are not set on a per-user basis. A single file does not have different permissions for different users of your application. Instead the web server itself has access to the file, and you use your application to determine if the user can access that file. You might use htaccess in there also.For example, my application has a directory full of files that have been uploaded by users. The web server needs read and write access to those files, so the permissions on the files are pretty loose. There is an htaccess file that redirects all requests for any file in that directory to a PHP script, and that PHP script checks if the user is logged in and, if so, opens the file and sends the contents to the user. If not, then it sends back a 403 response. That means that only people who are logged in to the application can download those files. Someone can send a link to one of them to someone else, but they won't be able to see the file contents unless they are logged in. Link to comment Share on other sites More sharing options...
ala888 Posted August 4, 2014 Author Share Posted August 4, 2014 (edited) is there one that is higher up in the lookup chain than the other? i.e. if they have conflicting settings regarding access, which one would win out? Edited August 4, 2014 by ala888 Link to comment Share on other sites More sharing options...
justsomeguy Posted August 4, 2014 Share Posted August 4, 2014 If anything says that access is denied, then access is denied. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now