
I'm working on an application (LAMP) where users can upload files to the server but cannot share their files with other users. So, my problem is to implement a secure mechanism that ensures user A cannot access files uploaded by user B.

My approach is this:

  1. Each user has a folder for its files (/upload/userA)
  2. Add a .htaccess file to redirect all access to /upload folder to a PHP script
  3. Check if the user has permission to access the subdirectory (/userA)

Can you see any drawback in this approach? Any better alternative?

  • One drawback I can think of is that .htaccess files are rather slow, and taxing on servers - it'd be much better off being set in the server config file. Commented Jun 29, 2011 at 6:56
  • Instead of making hard references to files, you can make something like download.php?id=1234 and just check 1234 against the database to see whether the user has privileges to download that file, and do not show the physical path to the user at all. Commented Jun 29, 2011 at 7:06
  • I would second @Ahmet and add that a good practice for saving files in a "secured" way is storing them outside of your domain (yet still on your server). Then use download.php?id=1234 to call the file. Commented Jun 29, 2011 at 7:10
  • I'm moving to an answer. Commented Jun 29, 2011 at 7:12
  • It does not have to be on another server but outside of the area accessible via HTTP, so visitors will never have a direct link to the file but a script that routes the traffic. So you can have /mydomain.com/htdocs/ for web/php and /mydomain.com/secured/ for files. The latter folder is not accessible via HTTP (hope this makes sense...) Commented Jun 29, 2011 at 7:24

1 Answer

Instead of making hard references to files, you can make something like download.php?id=1234 and just check 1234 against the database to see whether the user has privileges to download that file, and do not show the physical path to the user at all.

With HTTP headers, you can force users to download the file with a filename you have chosen (stored in the database). Allowing users to directly access their files from physical paths is not a good idea, and if you try to make a hook with .htaccess upon each request, that will be more expensive, indeed.

Most systems consider generating some random strings or GUIDs so that you can't simply access someone else's file by changing a character randomly, i.e. in Facebook images, ../187170_697610597_4628627_q.jpg: there is that complicated URL which users can directly access but cannot guess another image URL by changing a few digits. That's too difficult, but not safe, and does not meet your requirements.
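A download.php along the lines of this answer, as an added example that is not part of the original post. It assumes a PDO connection `$pdo` provided by a hypothetical db.php, a session that holds the logged-in user's id, an `uploads` table with `id`, `owner_id`, `stored_name`, `original_name` and `mime_type` columns, and a storage directory outside the web root (the "secured" folder from the comments).

```php
<?php
// Added example: download.php for the id-based scheme above. Assumes $pdo (PDO)
// from a hypothetical db.php, $_SESSION['user_id'] set at login, and a table
// uploads(id, owner_id, stored_name, original_name, mime_type).
declare(strict_types=1);
session_start();
require __DIR__ . '/db.php'; // hypothetical: defines $pdo

const STORAGE_ROOT = '/var/app/secured'; // hypothetical path, not under htdocs

if (empty($_SESSION['user_id'])) {
    http_response_code(401);
    exit('Login required');
}

// Validate the id as a positive integer before it reaches the database.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false || $id === null) {
    http_response_code(400);
    exit('Bad request');
}

// The owner check is part of the query: a guessed id belonging to someone else
// returns no row, so the caller gets a 404 rather than the file.
$stmt = $pdo->prepare('SELECT stored_name, original_name, mime_type
                       FROM uploads WHERE id = :id AND owner_id = :uid');
$stmt->execute([':id' => $id, ':uid' => (int) $_SESSION['user_id']]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// Only the server-generated stored_name (random hex) builds the path; the
// user-supplied original name never does, so no traversal is possible.
if ($row === false || !preg_match('/\A[a-f0-9]{32}\z/', $row['stored_name'])) {
    http_response_code(404);
    exit('Not found');
}
$path = STORAGE_ROOT . '/' . $row['stored_name'];
if (!is_file($path)) {
    http_response_code(404);
    exit('Not found');
}

// Sanitise the display name so it cannot break the header.
$downloadName = preg_replace('/[^A-Za-z0-9._-]/', '_', $row['original_name']) ?: 'download';

header('Content-Type: ' . ($row['mime_type'] ?: 'application/octet-stream'));
header('Content-Disposition: attachment; filename="' . $downloadName . '"');
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

The upload side must write files under STORAGE_ROOT with a server-generated random hex name and record the owner in `uploads`; with that in place there is no .htaccess hook on every request, only this script.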
