
Prevent direct File Access


StevenOliver


A shipping vendor (like Stamps.Com) provides me a Printable Shipping Label to display on my website for Visitors to print.

When Visitors come to my page, my PHP code:
1.) connects to Shipping Vendor via an API,
2.) downloads and converts the base64 data to image
3.) names the image to Customer Order Number.png
4.) saves image in directory
5.) then displays image to Visitor.

// Label image arrives from the vendor's API as a base64 string
$Shipping_Label_Data = $LabelVendor->data[0]->contents;

// Decode it and write it under the web root, named after the order number
// (this is the step that later turned out to be the problem: anything in
// Label-Directory/ is reachable by URL; the order number must also be validated
// before it is used to build a path)
file_put_contents('Label-Directory/'.$Order_Number.'.png', base64_decode($Shipping_Label_Data));

// Show the label by linking straight to the saved file
echo '<img src="/Label-Directory/'.$Order_Number.'.png" />';

Later I realized the security flaw: any snooper can fish for other Visitor's labels in my Label directory.

What is the best way to prevent the display of other people's labels?

Thank you!!


Thank you. I should have explained the scenario better.

1.) Customer selects merchandise (like a shopping cart page).
2.) Customer inputs their name and address.
3.) Customer clicks "Submit."
4.) The "Finished.php" page displays the label.

Both the Shopping Cart php page, and the Finished.php page which displays the Shipping Label are created on the fly (not static) and are not directly accessible.

However, since the actual Shipping Label images are saved in a static directory, a savvy Visitor could right-click on their own label image to view the image location ("example.com/Label-Images/22222.png").

Then, theoretically, they could try randomly typing other suffixes to find other Visitors' labels (e.g. "Label-Images/33333.png", "Label-Images/44444.png", "Label-Images/55555.png", "Label-Images/66666.png", etc.).

I want that static label directory to be off limits to everyone, at all times. (The only time Customers should ever see a label is on that "Thank you for your Order, Here is your Label" Finished.php page.)


Put the labels in a folder that is outside the html accessible tree. Then only your php scripts can access them. Also - instead of using a link to the file (which wouldn't work in this scenario), first read it and then display it on your output page.


Thank you. Here's what I did:

1.) moved the Label directory above the WWW directory.
2.) I created a "readfile" script
3.) The label gets named by $_SESSION["Order_Number"], and is viewable only if the current session ($_SESSION["Order_Number"]) matches the current Order Number.

That way, the Visitor can only view their own label, during that session only. (After they quit their browser, they won't be able to read any labels).

I can't think of anything else I could do.
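The approach described in this post, written out as an added example (this is not the poster's script, and the paths are assumptions): the label is written to a directory outside DocumentRoot at checkout, and a small label.php reads it back only when the order number in the current session passes a strict format check and resolves to a file inside that directory. The assumed layout is DocumentRoot /var/www/html with labels in /var/www/labels; checkout is assumed to have set $_SESSION['Order_Number'].

```php
<?php
// Added example, not the thread's code. Assumed layout (hypothetical):
//   DocumentRoot = /var/www/html   (public)
//   LABEL_DIR    = /var/www/labels (NOT under DocumentRoot, so no URL reaches it)
declare(strict_types=1);

const LABEL_DIR = '/var/www/labels';

/**
 * Checkout step: decode the vendor's base64 label and store it outside the web root.
 * Returns the path written. The order number is validated before it touches a path.
 */
function store_label(string $orderNumber, string $base64, string $labelDir): string
{
    if (!preg_match('/^\d{1,20}$/', $orderNumber)) {
        throw new InvalidArgumentException('order number must be digits only');
    }
    $bytes = base64_decode($base64, true); // strict mode rejects malformed input
    if ($bytes === false) {
        throw new RuntimeException('label data is not valid base64');
    }
    $path = $labelDir . '/' . $orderNumber . '.png';
    file_put_contents($path, $bytes, LOCK_EX);
    return $path;
}

/**
 * Display step: the only label the current session may see is the one whose
 * name equals the order number stored in that session. Returns the resolved
 * absolute path, or null if nothing may be shown.
 */
function label_path_for_session(array $session, string $labelDir): ?string
{
    if (!isset($session['Order_Number'])) {
        return null; // no order was placed in this session
    }
    $order = (string) $session['Order_Number'];

    // Same shape check as when the file was written: no '/', '..' or other
    // path characters can ever be part of the name.
    if (!preg_match('/^\d{1,20}$/', $order)) {
        return null;
    }

    // realpath() resolves symlinks and '..'; the result must still sit inside
    // the label directory, otherwise refuse.
    $real = realpath($labelDir . '/' . $order . '.png');
    $base = realpath($labelDir);
    if ($real === false || $base === false || strpos($real, $base . '/') !== 0) {
        return null;
    }
    return $real;
}

// ---- label.php: the "readfile" script the Finished page points at ----
session_start();

$path = label_path_for_session($_SESSION, LABEL_DIR);
if ($path === null) {
    http_response_code(403);
    exit('No label available for this session.');
}

// Stream the bytes ourselves. The browser only ever sees /label.php, never a
// directory it could enumerate.
header('Content-Type: image/png');
header('Content-Length: ' . (string) filesize($path));
header('Cache-Control: private, no-store');
readfile($path);
```

Finished.php then emits `<img src="/label.php" />` instead of a path into a public directory, and a visitor who right-clicks the image learns nothing they can vary. The `no-store` header keeps the label out of shared caches, and the check that `realpath()` stays under the label directory is a second line of defence behind the digits-only regex.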


If there is a login system, then the orders should be associated with the user's account. If they log back in, you should have all the data you need in order to allow them to retrieve their shipping labels.

If users can place orders without being logged in, then you should provide an alternative method to "see" their order and retrieve a shipping label if needed.

1. You could provide a link in their order confirmation email that uses a unique GUID that is associated with the order

2. You can provide a page to "look up" an order. The user would need to provide their order number and one or more identifying pieces of information that were used when placing the order: email address, zip code, etc.
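Both options from this reply, as an added example that is not from the thread: a per-order random token whose hash is stored with the order (only the raw token goes into the confirmation e-mail link), and a lookup that requires the order number plus the e-mail address given at checkout. The `orders` table and its columns are a hypothetical schema; the demo at the bottom uses an in-memory SQLite database with constructed sample rows so it runs offline.

```php
<?php
// Added example, not the thread's code. Assumed table (hypothetical):
//   orders(order_number TEXT PRIMARY KEY, email TEXT, token_hash TEXT)
declare(strict_types=1);

/**
 * Option 1: issue an unguessable token for the confirmation e-mail link.
 * Only the SHA-256 of the token is stored, so a leaked database row does not
 * by itself give access to the order; the raw token is returned for the e-mail.
 */
function issue_order_token(PDO $db, string $orderNumber): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $stmt  = $db->prepare('UPDATE orders SET token_hash = :h WHERE order_number = :o');
    $stmt->execute([':h' => hash('sha256', $token), ':o' => $orderNumber]);
    return $token;
}

/** Resolve a token from the link (e.g. /order.php?t=...) to an order number, or null. */
function order_for_token(PDO $db, string $token): ?string
{
    if (!preg_match('/^[0-9a-f]{64}$/', $token)) {
        return null; // wrong shape: never hits the database
    }
    $stmt = $db->prepare('SELECT order_number FROM orders WHERE token_hash = :h');
    $stmt->execute([':h' => hash('sha256', $token)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : (string) $row['order_number'];
}

/**
 * Option 2: lookup form. The order number alone is guessable (the sequence
 * 22222, 33333, ... from earlier in the thread), so it must be paired with a
 * second fact only the customer knows, here the checkout e-mail address.
 */
function order_for_lookup(PDO $db, string $orderNumber, string $email): ?string
{
    if (!preg_match('/^\d{1,20}$/', $orderNumber)) {
        return null;
    }
    $stmt = $db->prepare('SELECT email FROM orders WHERE order_number = :o');
    $stmt->execute([':o' => $orderNumber]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // Case-insensitive, constant-time comparison of the stored and supplied address.
    $ok = hash_equals(strtolower((string) $row['email']), strtolower(trim($email)));
    return $ok ? $orderNumber : null;
}

// ---- Demo with constructed sample data in an in-memory SQLite database ----
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (order_number TEXT PRIMARY KEY, email TEXT, token_hash TEXT)');
$db->exec("INSERT INTO orders VALUES ('22222', 'alice@example.com', NULL)");

$token = issue_order_token($db, '22222');
var_dump(order_for_token($db, $token));                          // the e-mail link works
var_dump(order_for_token($db, str_repeat('0', 64)));             // a guessed token does not
var_dump(order_for_lookup($db, '22222', 'Alice@Example.com'));   // number + matching e-mail
var_dump(order_for_lookup($db, '22222', 'mallory@example.com')); // number + wrong e-mail
```

Whichever path succeeds, the natural next step is to put the resolved order number into `$_SESSION['Order_Number']` and send the customer to the same session-checked label script described earlier in the thread, so there is still exactly one place that decides which file may be read. The lookup form is a guessing surface (order number plus e-mail), so it is worth rate-limiting per IP and per order number, and the one-time-token approach can additionally expire tokens after a reasonable window.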

