Re: Strategy for Secure File Storage

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Kevin Murphy wrote:
I'm working on a intranet site that uses an LDAP server to authenticate users and then a integrated CMS (kind of like a wiki with security features so only certain people can post things or upload files) runs the whole thing. (The CMS is custom built with PHP).

I've got a need to make certain files secured so that if someone uploads a file they can specify that no one except certain people can view the file. I've got all the security features set up, what I need to do is come up with the best way of securing those files. Obviously the link won't show to those files if the user doesn't have access to it, but I'm worried that someone might know the link and be able to access the file that they are not supposed be able to see.

This doesn't need to be NSA level security, but I do need to protect against some computer savvy users. So, I'm pondering the following ideas for hiding those files. Any insight on the best method would be appreciated:

1) Write secure files to MySQL as a blob (only secure files would be written there)

2) Write secure files to the level below the web root and come up with a way of copying the files over to a temporary directory for access, then delete the files as soon as they are accessed.

3) Use Unix passwords to protect a folder in the web level and then the CMS knows the password and can pass the password for access (so that the user doesn't know this password, but the CMS does).

4) Some various forms of link obfuscation, where the CMS goes through all the secure files once an hour or so and rewrites the file name with a random string.

5) Or ???? I'm open to suggestions.


You can easily force all file access to pass through a PHP script -> just do this kind of thing:

- Fetch file information from a get variable, like file.php?fileid=12345 (or even file.php?filename=somefile.bin) - Check if the user is allowed access to that file (yes: continue, no: display an error)

header("Content-Type: " . $file->getContentType());
readfile("/path/to/secure/" . $file->getFileName());

Then just make sure that the "/path/to/secure/" (as in the example above) is not readable by web users by some means.

jon

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux