Kevin Murphy wrote:
I'm working on an intranet site that uses an LDAP server to
authenticate users and then an integrated CMS (kind of like a wiki with
security features so only certain people can post things or upload
files) runs the whole thing. (The CMS is custom built with PHP).
I've got a need to make certain files secured so that if someone
uploads a file they can specify that no one except certain people can
view the file. I've got all the security features set up, what I need
to do is come up with the best way of securing those files. Obviously
the link won't show to those files if the user doesn't have access to
it, but I'm worried that someone might know the link and be able to
access the file that they are not supposed to be able to see.
This doesn't need to be NSA level security, but I do need to protect
against some computer savvy users. So, I'm pondering the following
ideas for hiding those files. Any insight on the best method would be
appreciated:
1) Write secure files to MySQL as a blob (only secure files would be
written there)
2) Write secure files to the level below the web root and come up with
a way of copying the files over to a temporary directory for access,
then delete the files as soon as they are accessed.
3) Use Unix passwords to protect a folder in the web level and then
the CMS knows the password and can pass the password for access (so
that the user doesn't know this password, but the CMS does).
4) Some various forms of link obfuscation, where the CMS goes through
all the secure files once an hour or so and rewrites the file name
with a random string.
5) Or ???? I'm open to suggestions.

You can easily force all file access to pass through a PHP script ->
just do this kind of thing:

- Fetch file information from a get variable, like file.php?fileid=12345
  (or even file.php?filename=somefile.bin)
- Check if the user is allowed access to that file (yes: continue, no:
  display an error)

    header("Content-Type: " . $file->getContentType());
    readfile("/path/to/secure/" . $file->getFileName());

Then just make sure that the "/path/to/secure/" (as in the example
above) is not readable by web users by some means.

jon
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
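
An added example, not part of the original thread and not jon's own code: one way to write the file.php gatekeeper described in the reply, looking files up by numeric id and re-checking access on every request. SECURE_DIR, the $files table and the 'user' session key are assumptions, and the sample metadata is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical location; it must live outside the web root.
const SECURE_DIR = '/path/to/secure';

// Constructed sample metadata; a real CMS would load this from its database.
$files = [
    12345 => ['name' => 'budget.pdf', 'type' => 'application/pdf',
              'allowed' => ['alice', 'bob']],
];

/** Returns [HTTP status, absolute path or null, metadata or null]. */
function authorizeDownload(array $files, $rawId, ?string $user): array
{
    // Accept only a numeric id: the client never supplies a file name or path.
    if (!is_string($rawId) || !ctype_digit($rawId) || !isset($files[(int) $rawId])) {
        return [404, null, null];
    }
    $meta = $files[(int) $rawId];

    // The access check runs on every request, whether or not a link was shown.
    if ($user === null || !in_array($user, $meta['allowed'], true)) {
        return [403, null, null];
    }

    // Defence in depth: the resolved path must still be inside SECURE_DIR.
    $base = realpath(SECURE_DIR);
    $path = realpath(SECURE_DIR . '/' . basename($meta['name']));
    if ($base === false || $path === false || !is_file($path)
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return [404, null, null];
    }
    return [200, $path, $meta];
}

session_start();
[$status, $path, $meta] = authorizeDownload($files, $_GET['fileid'] ?? null, $_SESSION['user'] ?? null);
if ($status !== 200) {
    http_response_code($status);
    exit('File not available.');
}
header('Content-Type: ' . $meta['type']);
header('X-Content-Type-Options: nosniff');   // stop browsers guessing a different type
header('Content-Length: ' . filesize($path));
readfile($path);
```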