Jump to content
iwato

Online Storage and Access

Recommended Posts

BACKGROUND:  I am in the process of creating two data collections:  one will contain an eventually long series of weekly newsletters, and the other a similarly long series of weekly podcasts.  Each week the newsletter will be sent out to newsletter subscribers and the creation of a new podcast will be announced.  in contrast to the newsletters whose access will be unlimited to both subscribers and non-subscribers, the podcasts will be made available only to subscribers past a not yet determined number of weeks.  I have not yet decided whether to produce separate newsfeeds (RSS/RFD/ATOM) for the newsletters and podcasts or only one newsfeed for the newsletter.  

In light of the aforementioned scenario I would like to know

How does one typically limit access to the contents of a folder?

Roddy

Share this post


Link to post
Share on other sites

What does this have to do with XML?

On the server, you can configure a directory to require authentication, but that's the most basic kind where the browsers pops up a built-in box for username and password.  You can also configure the server to pass all requests through a server-side script (using htaccess or URL rewriting in IIS), where the script would check for a login session prior to sending the requested file.  You could also store the folder outside of the publicly accessible web directory and again use a server-side script to control access to the files.  Those scripts can get a little tricky with modern browsers though, because you need to account for compression if the browser is asking for it and, importantly, support for partial requests.  The browser may send one request just to check the file size and then send other requests for parts of the file.  That's how streaming works in the browser, it will request only pieces of the file in case you skip to another part of a video or audio recording.  You may also be able to find a way to have the web server authenticate with PHP or another language before serving the file, which would save you the hassle of creating the script to handle the request.

Share this post


Link to post
Share on other sites

JSG:    What does this have to do with XML?

RAS:    I am using PHP to create the XML file for my RSS feed.  The PHP code reads the contents of the folder and from these contents produces a list of editable <item> tags as well as the parent <channel> tag.  As the, thus produced, XML file resides in the same folder as the contents that it summarizes, and as PHP must read the contents of this folder, I must have access to all of the items in the folder.  As it is the contents of this folder to which I wish to limit user access, it is important that I am well able to control access to both the folder and its contents in a variety of ways.

JSG:    On the server, you can configure a directory to require authentication, but that's the most basic kind where the browsers pops up a built-in box for username and password.

RAS:    This sort of folder access is not what I have in mind.

JSG:    You can also configure the server to pass all requests through a server-side script (using htaccess or URL rewriting in IIS), where the script would check for a login session prior to sending the requested file.

RAS:    I did a little research on the net and discovered that IIS is likely not a UNIX procedure.  My remote host server uses LINUX, and my local test server uses Apache.

JSG:    You could also store the folder outside of the publicly accessible web directory and again use a server-side script to control access to the files.  Those scripts can get a little tricky with modern browsers though, because you need to account for compression if the browser is asking for it and, importantly, support for partial requests.  The browser may send one request just to check the file size and then send other requests for parts of the file.  That's how streaming works in the browser, it will request only pieces of the file in case you skip to another part of a video or audio recording.

RAS:    Although the contents of the folder to which I have drawn your immediate attention will contain only podcasts (audio files) do you  think the aforementioned reserverations will still be a concern?  Certainly, I will want that the podcasts to be streamable, I have not yet decided to make them downloadable as well.

Moving quickly ahead to the future, however, I expect to be hosting a folder of webinars as well.  As I have yet to consult with my remote host about its streaming capacity or my access to it.  Can you recommend a PHP class that might be useful in this regard?

JSG:    You may also be able to find a way to have the web server authenticate with PHP or another language before serving the file, which would save you the hassle of creating the script to handle the request.

RAS:    Could you please elaborate on this point?

Roddy

Share this post


Link to post
Share on other sites

I understand that an RSS feed is XML, but the links that go in that XML, the software used to create the XML, and the server security aren't related to XML.  That's why I was asking why a question about directory security was in the XML forum.

little research on the net and discovered that IIS is likely not a UNIX procedure.

IIS is Internet Information Services, the Microsoft web server that runs on Windows.  You didn't say what your environment was so I pointed out that URL rewriting can be done using htaccess in Apache, or another way in IIS.  I assume nginx and other web servers also have a way to set up URL rewriting.

My remote host server uses LINUX

Linux isn't a web server, it's an operating system, like Windows.  Apache, nginx, IIS, etc are web servers.  Your Linux server is probably running Apache.

Although the contents of the folder to which I have drawn your immediate attention will contain only podcasts (audio files) do you  think the aforementioned reserverations will still be a concern?

Yes.  Like I mentioned, browsers often send partial requests for audio or video content.  If you don't support that then the client will wait until the entire file finishes downloading before starting to play it.

Can you recommend a PHP class that might be useful in this regard?

I'm not aware of a class that will do everything, when I implemented directory security and authorization through PHP I wrote that myself.  Things might have changed since then.

Could you please elaborate on this point?

There might be something for your web server, like an Apache module, which is built to take a request and run a PHP script to handle authentication and authorization, or maybe a module that would check your database directly without going through PHP.  I looked into some of those things but at the time I didn't find anything that perfectly matched what I was trying to do.

  • Like 1

Share this post


Link to post
Share on other sites

OK.  I would like to thank you for your help.  I believe that I understand enough now to know where to take up the problem again once I have completed the RSS feed.  By the way, I just learned from my host server that Apache is the webserver application employed, but that PHP files are parsed using suPHP rather than PHP.  I suppose that this is also fairly common for servers who host a large number of accounts with everyone wanting control of his or her own ability to script in PHP.

Have a great evening!

Roddy

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×