Security and access to my users' files at the root of my webapp
#1

[eluser]bastien31[/eluser]
Hi everyone,

I just have a problem with security and access to my user files.

In my webapp, I have a gallery for each user. For that, at the root of my site, there is a user_files directory (same level as application and system directory). In this directory, I have for each user a directory containing his files. The names of these files are sha1 encoded. In DB, I have a link between user and files.

The tree is like this:
myproject
    \application
    \user_files
        \user1_directory
            user1_files
            ...
        \user1_directory
        \...
    \system

When a user is logged in, he can only find his documents in the webapp.

But the problem is that these documents have a public url, like http://www.myproject.com/user_files/4655...4s21c5.jpg

I put an index.html in the user_files directory and the users directories. But this only helps not to see the content of the directory. If you know the name of the document (even if it's sha1 encoded), you can access the document directly.

I tried to put an .htaccess in the user_files directory but the problem is that each time I want to see a document, login and password are needed.

I think it's a very basic functionality for security and it's the kind of thing available in each webapp... So I think there are standard things for that, but I fail to find it on Google!

Thanks in advance for your replies

Bastien
#2

[eluser]bastien31[/eluser]
Hi again,

I found a wiki on asset management: http://codeigniter.com/wiki/Asset_Manager.

Is it the right way to do it?

If I understand, it allows putting the user files directory in the application directory. So, you can't see the files if you are not logged in, even by entering the right URL.

Or this one too: http://heybigname.com/2009/11/23/managin...deigniter/
#3

[eluser]bastien31[/eluser]
I finally found these answers: http://stackoverflow.com/questions/19110...n-an-image

and the MY_Loader from Phil is just perfect!

I will make a mix of this one and the place of the user files directory and this will be ok!

Bastien
#4

[eluser]weboap[/eluser]
look up
force_download()
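
Added example (not part of the thread and not code from any poster): one way to combine the ideas above in a CodeIgniter controller, with the files moved under the application directory and served only after a login and ownership check. The controller name, the `user_files` table and its columns, the `user_id` session key, the per-user directory named by user id and the 40-hex-character file name format are all assumptions.

```php
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

// Added example. Assumed names: controller "Files", table "user_files" with
// columns (user_id, stored_name, original_name), session key "user_id",
// storage moved to application/user_files/<user_id>/ (no public URL).
class Files extends CI_Controller {

    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->database();
        $this->load->helper('download');
    }

    // Called as /files/get/<stored name> instead of linking to the file itself.
    public function get($stored_name = '')
    {
        // 1. Require a logged-in user.
        $user_id = $this->session->userdata('user_id');
        if ( ! $user_id)
        {
            show_error('Login required', 403);
        }

        // 2. Accept only the expected name shape (assumed: SHA-1 hex plus a
        //    short extension), so "../" and absolute paths never reach disk.
        if ( ! preg_match('/^[a-f0-9]{40}\.[a-z0-9]{1,5}$/', $stored_name))
        {
            show_404();
        }

        // 3. Ownership check: the DB link between user and file must exist.
        $row = $this->db->get_where('user_files', array(
            'user_id'     => $user_id,
            'stored_name' => $stored_name,
        ))->row();
        if ( ! $row) show_404();

        // 4. Read from the non-public directory and send it to the browser.
        $path = APPPATH.'user_files/'.(int) $user_id.'/'.$stored_name;
        if ( ! is_file($path)) show_404();

        force_download($row->original_name, file_get_contents($path));
    }
}
```

To show images inline in the gallery rather than download them, the last call can be replaced with `$this->output->set_content_type(...)->set_output(...)` using the file's MIME type.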



