Hiding files from public access but viewable within domain

**Dormilich** · Jun 7 '14, 04:44 PM

However I need these files to show in an iframe or div within a PHP page on the same server.

that statement doesn’t make sense (at least to me).

for viewing something in a HTML page (an iframe ain’t different from that) you need a client. the client is always on another machine (with localhost being the sole exception) …

**meditation** · Jun 9 '14, 07:40 PM

Use .htaccess, give acces to local ip address, deny access from other IP address.

**robertybob** · Jun 11 '14, 08:46 AM

Thx for the replies and sorry for the late response.

@Dormilich - I understand that an iframe etc is still an html page in itself and that is the source of the problem - ie, the page must be able to be read to be shown in the iframe but not be publicly accessible...

@meditation - I'll give this a go and let you know shortly.

All the best to you both

**Dormilich** · Jun 11 '14, 09:09 AM

the page must be able to be read to be shown in the iframe but not be publicly accessible

impossible. an iframe is nothing more than a browser window inside a browser window, so the same rules as a "regular" browser window apply regarding resources.

another interpretation were that the data should be public, but not as a bare HTML page you could call. this calls for loading this content via AJAX i.e. you fetch the data (not the HTML representation of the data) from the server and make JS render/insert it into the current page. that could be an iframe, although that would be the most laborious way to render the data (since you need to create a complete page instead of just an HTML chunk)

These files should not be able to be publicly viewed (imagine this is a CHMOD issue).

why is that a CHMOD issue? one is about HTTP and the other about the filesystem.

nevertheless, if the PDFs/XMLs are available in your page, I don’t see why it shouldn’t be possible to extract them from there (unless you don’t serve it as PDF/XML but as HTML representation thereof).

**robertybob** · Jun 13 '14, 10:01 AM

OK Thanks.

Since no-one has suggested using the CHMOD on the folder containing the files I guess I'm looking at reading the PDF content into the page from a file location behind the public root.

I'll see how I get on with that.

@meditation - I think this would have worked but unfortunately the office does not have a static IP so is not feasible.

**Dormilich** · Jun 13 '14, 10:28 AM

Since no-one has suggested using the CHMOD on the folder containing the files

since CHMOD modifies the filesystem permission on the computer, it would make no difference who is accessing the resource from outside. it’s more like you either have access or not no matter who you are.

I guess I'm looking at reading the PDF content into the page

but you still need to tell the script whether the user viewing the page has the right to get that document served (e.g. via login).

**project manager** · Jun 16 '14, 04:11 AM

Copy the content in temporary file and show the temporary file, delete it after sometime.

**Dormilich** · Jun 16 '14, 06:41 AM

that would still make it accessible from everywhere, though for a limited time.

Hiding files from public access but viewable within domain

Hiding files from public access but viewable within domain

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment