Handling confidential files
#1

[eluser]sl3dg3hamm3r[/eluser]
Hey there

I wanted to write down my thoughts here about handling confidential files, since I'm not used to dealing with such stuff.

Assuming a simple shop, where at the end an order would be saved as a nicely formatted PDF on the server. The registered user could later retrieve this file at any time.

First of all, I guess these files need to be stored outside of the web-root, in order to prevent unauthorized access. Second, php would control the access to the files (has user x the right to access file y?) and deliver it to the browser.

Is there anything else regarding this matter, assuming the user-authentication/authorization - system is safe?

How about naming the files? Since each file will have a DB-entry, I thought I could just take the DB-Id (1.pdf, 2.pdf ...). I guess I can rename it when I send it to the client, right? Or are there other solid conventions?

Thank you for any input
Sl3dg3
#2

[eluser]Mike Ryan[/eluser]
As long as your authentication/authorisation systems are reliable then yes, this system will prevent users from accessing files owned by other users. If you are not already doing so, you may want to consider using database sessions to help prevent user impersonation.

Encrypting the file and/or storing it in the DB will help protect against local users viewing the files, if that is a consideration.
#3

[eluser]Colin Williams[/eluser]
Your thinking is spot on. It's simple to think of it as "If I let Apache serve the file, I need Apache to authenticate and authorize the user. If I let PHP serve the file, I can have PHP authenticate and authorize the user." The file doesn't necessarily have to be outside of a public folder, you just need to ensure PHP handles the request and serves the file, and not Apache.
#4

[eluser]sl3dg3hamm3r[/eluser]
Thank you for all your thoughts!

[quote author="Colin Williams" date="1224804954"]Your thinking is spot on.[/quote]

Err.... Sorry, I am not a native English speaker and now I'm not sure if this means "Watch out, pitfall" or "yeah that's cool so far". :gulp:

[quote author="Colin Williams" date="1224804954"]The file doesn't necessarily have to be outside of a public folder, you just need to insure PHP handles the request and serves the file, and not Apache.[/quote]

But then, if the files are located somewhere within the html directory, I would definitely need to protect them with an .htaccess, no? PHP can only handle it if it is called. If a file is called directly (assuming somebody found out the path and filename), PHP has nothing to do with it anymore and can't give any protection.

Well, to store the files directly into the DB, that's actually also an option...
#5

[eluser]Colin Williams[/eluser]
"Your thinking is spot on" = "You are correct"

You wouldn't be protecting it with .htaccess, but that would probably be part of the system. You could have the rewrite rules in any Apache configuration. What protects the file is your PHP script, which Apache would have invoked to handle the request.

Quote:If a file is called directly (assuming somebody found out path and filename), PHP has nothing to do with it anymore and can’t give any protection.

Again, this is true only if you have Apache configured in such a way that it is responsible for serving the file. With the right configuration, PHP will be invoked to serve the file.

By the way, what is your native language?
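To make the "let PHP serve it, not Apache" idea from the last two posts concrete, here is an added Apache configuration example. It is not from the thread or from CodeIgniter; the directory path, the public URL pattern and the controller route `files/download/<id>` are assumptions chosen for illustration. Both rules together cover the case where the PDFs sit under the document root (such as application/uploads): direct requests to the directory are refused, and the friendly URL is rewritten to the front controller, which then performs the authorization check.

```apache
# Added example, not from the thread: Apache configuration for PDFs that
# live under the document root. Paths and the controller route are assumed.

# 1. Refuse to serve the upload directory directly, whatever the file name.
#    (Apache 2.4 syntax; on 2.2 use "Order deny,allow" / "Deny from all".)
<Directory "/var/www/example.com/htdocs/application/uploads">
    Require all denied
</Directory>

# 2. Route the public URL to the PHP front controller instead. Only a
#    numeric id is accepted; the controller (files/download/<id>) decides
#    whether the logged-in user may receive that file.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule ^files/([0-9]+)\.pdf$ index.php/files/download/$1 [L]
</IfModule>
```

Rule 1 is what stops a guessed path from working; rule 2 is what makes the URL usable at all. Without rule 1, a request for `/application/uploads/17.pdf` would bypass PHP entirely, which is exactly the concern raised in post #4.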
#6

[eluser]sl3dg3hamm3r[/eluser]
Ah, now I got it, thx!

My native language is Swiss German (not to be mixed up with German ;) )
#7

[eluser]benoa[/eluser]
@Colin : If I have my protected files under application/uploads and I would like PHP to serve it, how can I proceed?
#8

[eluser]benoa[/eluser]
I'm sorry Colin, I should have read this http://ellislab.com/codeigniter/user-gui...elper.html before asking you my question...
#9

[eluser]Udi[/eluser]
What I would do is write a controller that gets a file ID [in the DB you keep track of the files and their location on your server], check if the user is authorized to access this file and then show it to him [changing the headers of course].
This way the location of the file won't be shown, and you have your access control.

OR - you can ask the client to put an email in each order and just send the file to them.
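The controller described above, and the design from post #1 (files outside the web root, named by database id, renamed on the way out), as an added plain-PHP example. This is not code from the thread or from CodeIgniter; it assumes a PDO connection, a session that your own authentication system populates with `$_SESSION['user_id']`, and an `order_files` table with columns `id`, `user_id` and `original_name`. The storage path and the DSN are placeholders.

```php
<?php
// Added example (not code from the thread or from CodeIgniter): a PHP
// gatekeeper for order PDFs stored outside the web root.
// Assumed: $pdo (PDO), $_SESSION['user_id'] set by your auth system, and a
// table order_files(id, user_id, original_name). All names are illustrative.

declare(strict_types=1);

// Storage directory outside DocumentRoot: htdocs is served, private is not.
const FILE_STORE = '/var/www/example.com/private/orders'; // assumed path

/**
 * Resolve a request for file $fileId on behalf of $userId.
 * Returns ['path' => absolute path on disk, 'download_name' => name shown
 * to the browser], or null when the user may not see the file or it does
 * not exist. Both cases become the same 404 so ids cannot be enumerated.
 */
function resolveOrderFile(PDO $pdo, int $userId, int $fileId): ?array
{
    // Authorization lives in the query: the row must belong to this user.
    $stmt = $pdo->prepare(
        'SELECT id, original_name FROM order_files WHERE id = ? AND user_id = ?'
    );
    $stmt->execute([$fileId, $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }

    // On-disk name is the integer id only (1.pdf, 2.pdf, ...), never anything
    // the client sent, so there is nothing to traverse with.
    $path = FILE_STORE . '/' . (int) $row['id'] . '.pdf';

    // Defence in depth: the resolved path must still be inside FILE_STORE.
    $real = realpath($path);
    $base = realpath(FILE_STORE);
    if ($real === false || $base === false || strpos($real, $base . '/') !== 0) {
        return null;
    }

    return ['path' => $real, 'download_name' => safeDownloadName($row['original_name'])];
}

/** Reduce the stored display name to characters that are safe in a header. */
function safeDownloadName(string $name): string
{
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', $name) ?? '';
    return ($name === '' || $name === '.' || $name === '..') ? 'order.pdf' : $name;
}

/** Stream the file under the display name; nothing may be echoed after this. */
function sendPdf(string $path, string $downloadName): void
{
    header('Content-Type: application/pdf');
    header('X-Content-Type-Options: nosniff');          // no MIME sniffing
    header('Content-Disposition: attachment; filename="' . $downloadName . '"');
    header('Content-Length: ' . (string) filesize($path));
    header('Cache-Control: private, no-store');         // keep it out of shared caches
    readfile($path);
}

// --- request handling (the controller body) ---
session_start();
if (empty($_SESSION['user_id'])) {
    http_response_code(401);
    exit('Login required');
}
$fileId = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($fileId === false || $fileId === null) {
    http_response_code(400);
    exit('Bad request');
}
$pdo  = new PDO('sqlite:/var/www/example.com/private/shop.sqlite'); // assumed DSN
$file = resolveOrderFile($pdo, (int) $_SESSION['user_id'], $fileId);
if ($file === null) {
    http_response_code(404);
    exit('Not found');
}
sendPdf($file['path'], $file['download_name']);
exit;
```

Two choices are deliberate. The lookup returns the same 404 whether the id is missing or belongs to someone else, so a user cannot tell which ids exist. And the disk name is derived only from the integer id the database returned, so the `realpath` check is a second line of defence rather than the primary one; the primary one is never building a path from user input in the first place.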



