Cayce CookBook - Images PreLoad Methods

Password Protect a Folder, but allow Root Directory Interaction


I installed a file upload device on the MAGM site that turned out to open a vulnerability to hackers, so the folder needed to be password protected. This device is for uploading the daily menu as a JPG and as a downloadable PDF. The repository for these assets is a folder within the upload environment's main parent folder. The JPG & PDF are referenced in another html page that retreives the img and PDFfor display & download.

The problems I ran into, though, are that once the parent folder is PW protected, all contents are equally protected, so that when the image is uploaded into the protected area, when a visitor accesses the page the image is inteneded to be deivered and displayed on, the visitor is prompted for the password as well... because all contents are protected.

The first attempt was to have the repository folder outside the upload environment, in the root directory, so the upload environment could be secured, delivering the uploaded assets to the external, root-dir folder, but this came with a new set of complications.

The final solution was to set the password protection on the Upload environment, creating an .htaccess file eithin the upload folder, then modifying that .htaccess file to allow the one file in the root directory to have access to the upload nevironment without authorization. Here is what the .htaccess code looked like:

AuthType Basic
AuthName "Upload"
AuthUserFile "/home6/cayceweb/.htpasswds/public_html/maryannsgourmetmarket/upload/passwd"
require valid-user

<Files menu_daily.php>
Order Allow,Deny
Allow from All
</Files>

That did the trick.