2007/3/20, Richard Lynch <ceo@xxxxxxxxx>:
> One common pattern in PHP is to not put the file in the web tree at all, and write a PHP script with 'readfile' (or fopen/fread/echo loop for larger files). You can then control access to the file, and log any kind of stats you need about accessing the file.
Yes, I already do that with all my scripts that are dealing with files.
> Once you have that, then you can also put the files on some other server, and use URL fopen to read them, if you like.
Is it considered secure?
> I've done that for one site where a webhost a like has limited hard drive space, and have made it appear as if a Terabyte of music is available on a 500 meg site. Or you could use PHP ftp functions to shuffle them around.
I much prefer this approach because we don't rely on another apache server. We can assume that if a cracker found a security hole on the front-end, it will be easier to use the same exploit on the second server.

I had a quick look at the ftp functions of php and there is an interesting usage proposed in the comments: http://www.php.net/manual/en/function.ftp-get.php#72603

Coupled with SSL FTP, this could be a good solution. Any comments, pros, cons, ...?
> It depends more on what you are trying to secure, and why, than it does on any sort of general principle, really... And just personal preference on how to do this sort of thing... And your performance needs are a big factor, sometimes.
Security is the major point (before performance). The main goal is to still be protected if there is an element under attack on the application server, for instance a vulnerability in apache (or even php, according to the March month ;). I want to be protected against:

- cracker uploads a file and uses a vulnerability to execute it on the server (I can avoid it with a partition mounted without exec rights, or with another server that hosts the files).
- cracker uses a vulnerability and obtains the same rights as the web server (due to mod_php); she will then be able to access all the files (at least in read mode) because the user who runs apache has to be able to read them.

There are probably other things I don't imagine, but I think the usage of another server to host data is a good approach.

Regards,
Manuel

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
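The pattern Richard describes (file kept outside the web tree, handed out by a PHP script that checks access, streams with an fopen/fread/echo loop and logs the download) looks like the following. This is an added example written for this thread, not code posted by Richard or Manuel; the storage directory `/srv/files`, the log path, the `FILES` allow-list and the `userMayDownload()` authorization hook are all assumptions made for the illustration.

```php
<?php
// Added example (not from the mailing-list thread): serve a file that lives
// outside the web tree through a PHP script, so access can be checked and
// every download logged. Paths and the id allow-list are constructed.

declare(strict_types=1);

// Storage directory that is NOT under DocumentRoot (assumed location).
const STORAGE_DIR = '/srv/files';
const LOG_FILE    = '/var/log/app/downloads.log';   // assumed log path
const CHUNK_SIZE  = 8192;

// Public ids mapped to relative file names: the request never carries a path,
// so a client cannot name an arbitrary file on disk.
const FILES = [
    'track-1' => ['name' => 'intro.mp3',     'mime' => 'audio/mpeg'],
    'report'  => ['name' => 'q1/report.pdf', 'mime' => 'application/pdf'],
];

/** Hypothetical hook for the application's own authorization rules. */
function userMayDownload(string $id): bool
{
    return isset($_SESSION['user_id']);
}

/**
 * Resolve a public id to an absolute path inside STORAGE_DIR. Returns null
 * when the id is unknown, the file is missing, or the resolved path (after
 * symlinks) does not stay under the storage directory.
 */
function resolveFile(string $id): ?array
{
    if (!isset(FILES[$id])) {
        return null;
    }
    $entry = FILES[$id];
    $base  = realpath(STORAGE_DIR);
    $path  = realpath(STORAGE_DIR . '/' . $entry['name']);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // Defence in depth: even with an allow-list, confirm the real path is
    // inside the base directory (a symlink in storage could point elsewhere).
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return ['path' => $path, 'mime' => $entry['mime'], 'name' => basename($entry['name'])];
}

/** Stream the file in chunks: the fopen/fread/echo loop for large files. */
function streamFile(string $path): void
{
    $fh = fopen($path, 'rb');
    if ($fh === false) {
        http_response_code(500);
        return;
    }
    while (!feof($fh)) {
        echo fread($fh, CHUNK_SIZE);
        flush();
    }
    fclose($fh);
}

/** Append one line per request, whatever the outcome, for the access stats. */
function logDownload(string $id, string $result): void
{
    $line = sprintf("%s %s id=%s result=%s\n",
        date('c'), $_SERVER['REMOTE_ADDR'] ?? '-', $id, $result);
    file_put_contents(LOG_FILE, $line, FILE_APPEND | LOCK_EX);
}

session_start();
$id = (string)($_GET['id'] ?? '');

if (!userMayDownload($id)) {
    http_response_code(403);
    logDownload($id, 'denied');
    exit;
}

$file = resolveFile($id);
if ($file === null) {
    http_response_code(404);
    logDownload($id, 'not-found');
    exit;
}

header('Content-Type: ' . $file['mime']);
header('Content-Length: ' . filesize($file['path']));
header('Content-Disposition: attachment; filename="' . $file['name'] . '"');
header('X-Content-Type-Options: nosniff');
logDownload($id, 'ok');
streamFile($file['path']);
```

The id-to-filename map is what makes the script safe to expose: the browser only ever sends an opaque key, and the `realpath` prefix check is a second guard in case the storage tree itself contains a stray symlink. Because the script, not the web server, opens the file, the same code works unchanged whether `STORAGE_DIR` is a local noexec partition or a mount from the separate file host Manuel has in mind; the web-server user still needs read access to it, which is the limitation he points out.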