Jeigh Posted July 10, 2008 Share Posted July 10, 2008 Hello, I'm currently making a script that involves users uploading a file and then later downloading that same file again. I'm able to do this fine however I'm concerned about how secure the files will be. The best way I've thought of restricting access to the file to just that user is buy giving the file a name of a string of random numbers, eg it would be stored in /uploads/0917209348201974829872.jpeg. Then I'd provide a link to the file to the user when they are logged in. But this way anybody, logged in or not can put that into their browser (although it would be unlikely for someone to guess, it is still very possible especially with brute force scripts and even a bit of luck) and download the file. So what I'm looking for is a method where I can allow them access to the file through using a PHP script, but not through typing the link in their browser. Any help is very much appreciated. Quote Link to comment https://forums.phpfreaks.com/topic/114059-securing-uploaded-files/ Share on other sites More sharing options...
DeanWhitehouse Posted July 10, 2008 Share Posted July 10, 2008 maybe restrict access using .htaccess file? Quote Link to comment https://forums.phpfreaks.com/topic/114059-securing-uploaded-files/#findComment-586247 Share on other sites More sharing options...
Jeigh Posted July 10, 2008 Author Share Posted July 10, 2008 I only know the basics of .htaccess but I assume the only way to do that would be creating a username and password for the user (after they've signed up, and I assume that would have to be done manually?) which I think would complicate the process a bit too much. I heard storing files outside of the 'public_html' folder would be able to achieve this but I'm not entirely sure how. Thanks for the response. Quote Link to comment https://forums.phpfreaks.com/topic/114059-securing-uploaded-files/#findComment-586252 Share on other sites More sharing options...
Guest Xanza Posted July 10, 2008 Share Posted July 10, 2008 Well actually, what you could do is build a nice little php script, to include all of the uploaded images on a single index page (depending on the number), then run a script to determine who is logged in, and provide the picture automatically. They you could add a button to download the image, and you wouldn't have to worry about people that aren't logged in - viewing the images. My suggestion for security is to put all the uploaded images in let's say /protect/ then just add an index page. Sure it's not horribly secure, but it would add some, and it would definitely keep out unwanted guests. Quote Link to comment https://forums.phpfreaks.com/topic/114059-securing-uploaded-files/#findComment-586293 Share on other sites More sharing options...
LooieENG Posted July 10, 2008 Share Posted July 10, 2008 Couldn't you store them below the web root? i.e. /var/img instead of /var/www/images/ Quote Link to comment https://forums.phpfreaks.com/topic/114059-securing-uploaded-files/#findComment-586302 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.