Is there a way to store secure pdf documents on a web server, outside the server's root directory, so they can only be viewed by authorized users from their browser?
Since these files are outside the server's root directory, they can only be accessed by code running on the server. Is there some PHP magic that will do what I want?
Thank you,
Joe

Not sure, Christian probably knows this better, but I *think* you can make PHP copy the file to a web accessible directory.

But why do the files need to be above the root? Can't you just use a password protected directory? Passwords must come into it anyway.

I want the files to be above the root so they can only be read by logged in users. If the files were in a directory in root or below, wget will get them. I think that any file permissions that make the web browser access the files will also allow wget to work.

Yes that should work (though I don't think I've ever tried it).


Not if they're password protected. And even if they're above the web root, wget might be able to get them through the PHP script (unless it's password protected).

That said it's still slightly safer to put them above the web root, in case something goes bad with the password protection. But again, the same might be said for the PHP script's password protection...

What Christian said.