Secure User file Storage

[coder7]

I'm developing a website that has secure user PHP sessions and I need some advice on how to securely store confidential user files.  Currently I have an SSL certificate and I have an admin area controlled using PHP sessions that permits an admin to upload documents to a particular user directory. When a user registers for a login account on the website to view their files, a random directory is created and associated with their user account in mysql.  Logged in users are only provided a list of documents found in their associated directory.  I figure the random directory will prevent someone from guessing user directories and a direct path to a user file.  I also have my htaccess forbidding access to view directories incase one of the random directories is guessed, you still have to guess the filename.  The final measure taken was to place an index.php in each user directory which directs to the homepage should some one access a random user directory via a direct link.

 

Sorry to be long winded on my first post, but I'm hoping someone can tell me if this is suffient security or if I'm leaving vunerbilities and should be going about storing these confidinetial files in a different way.  I'm looking for a solution to be as secure as a medical site which stores patient medical information.  Should the documents (word/pdf/ppt, etc) be stored outside of public_html instead?  Thanks in advance and I hope someone can provide some advice.

[PFMaBiSmAd]

The actual files should be stored in a location that prevents direct access through all HTTP/HTTPS requests. Either outside the document_root folder or if that option is not available, then a .htaccess file with a deny all statement in it could be used.

 

To access the files, you should dynamically output them through a .php file, something like -

access.php?file=some_file_id

 

The code in access.php (or what ever name you choose) will then check and enforce which files the currently logged in visitor has access to and will map the some_file_id to the actual file, then output a correct content-type header followed by the contents of the correct file. The code would also check to make sure that the current connection is through HTTPS before outputting anything.

[coder7]

I was going to use a php file to serve up the files like you suggested, but I didn't want to actually display the file in the current  browser window.  How would I have this code "access.php" just initiate the download of a file like how a direct link to a document works instead of loading it in the current window?  Can you initiate a document save using fopen or something?

 

Thanks for the quick response.