 | 
May 16th, 2008, 10:37 AM
| | Member | | Join Date: Jul 2007
Posts: 73
| |  Security of user uploaded files
Hello,
I'm going to start making a script that will allow users to upload a file, then re download it later. I'll basically be doing the following:
- The uploaded file will be given a string of random numbers / letters as the filename and uploaded to a folder.
- That random file name will be stored in the database along with the users username
- When the user logs in they will see a list of their files that they can download and they will link to the appropriate file on the site.
The only problem with this is that anyone will be able to access the file if they get the link. It is unlikely that they'd guess the file name but still there is a posibility so my question is:
Is there a way to make this system more secure, only allowing that same user to download the file again?
The files uploaded wont contain sensitive information however I certainly dont want it falling into the hands of certain people.
|
May 16th, 2008, 11:12 AM
|  | Moderator | | Join Date: Jun 2007 Location: York, England, with wolves. Age: 18
Posts: 2,860
| |
Hm, interesting problem.
If the filename is guessable, people will be able to access it.
What you could do is keep changing the file name when downloaded.
Just a though,
*subscribing*
|
May 16th, 2008, 12:14 PM
|  | Moderator | | Join Date: Jul 2006 Location: The Netherlands
Posts: 4,139
| |
Another option is to do it as (some) publishers like SitePoint do it. You are here not able to download a file directly, even when you know the filename.
When you want to download you indicate that file after logging in. The site will then send you an e-mail with a link with the hashed bookname in it. Clicking that link only will download the file to you.
Ronald
|
May 16th, 2008, 01:30 PM
|  | Moderator | | Join Date: Nov 2006 Location: Iceland Age: 22
Posts: 2,790
| |
Hi.
You could also consider putting the file outside the web root, and have PHP output it only to users that have logged in.
Or just put the file into the Database and read it from there.
|
May 16th, 2008, 01:54 PM
| | Needs Regular Fix | | Join Date: Feb 2008 Location: Australia Age: 22
Posts: 465
| |
Quote: |
Originally Posted by Atli Hi.
You could also consider putting the file outside the web root, and have PHP output it only to users that have logged in.
Or just put the file into the Database and read it from there. | Yeah, I think if you want security, you will need a login system. Connected (but not requiring a login system) would be to use a database to record file name and a password to that file. So when a user requests a file, it will search the database and ask for the registered password (and registered name?) before it lets them download it.
|
May 16th, 2008, 02:43 PM
| | Member | | Join Date: Jul 2007
Posts: 73
| |
Yeah the site will have a registration / log in system, and the link will only be displayed to the logged in user however my problem is that, even though they are the only ones given the link, since the file is uploaded and in the FTP everyone has access to it if they can just guess the link.
So if they know the files are stored in /files, they could just randomly type like /files/oehno0wrhnqr32rjhw3.xls and get lucky, or even get some sort of brute force script to do it.
I thought I could add some sort of verification code that is stored in the database also so the link would be somthing like:
redirect.php?file=eweknr0932n0rs.xls&v=929302089
But obviously, I'm still faced with the same problem, it's just harder to guess.
Thanks for the responses.
|
May 17th, 2008, 12:33 AM
| | Moderator | | Join Date: Jul 2006 Location: The Netherlands
Posts: 4,139
| |
Quote: |
Originally Posted by Jeigh ....and in the FTP everyone has access to it if they can just guess the link.... | You cannot be serious that your users have access to your server via FTP? If so, why on earth did you do that? And why not a simple download link to be clicked?
Ronald
|
May 17th, 2008, 02:21 AM
| | Member | | Join Date: Jul 2007
Posts: 73
| |
I may be missing somthing simple here, my users dont have access to the FTP but what I mean is if I upload a file say in files/xxxxx.jpg if I want one user to have access to it then all of them will be able to download it by just typing in mysite.com/files/xxxxx.jpg, however I only want the one user who uploaded it (which will be through a form on my site) to download it.
|
May 17th, 2008, 10:18 AM
| | Moderator | | Join Date: Nov 2006 Location: Iceland Age: 22
Posts: 2,790
| |
Like I said before, the easiest solution would probably be to put the files outside the web root so that it can not be downloaded directly.
Either that or put it inside your database.
You could also set it's permission so that only it's owner (PHP, I would assume) has access to it. But that can be a little tricky. Check out the chmod function.
|
May 17th, 2008, 10:35 AM
| | Member | | Join Date: Jul 2007
Posts: 73
| |
Quote: |
Originally Posted by Atli Like I said before, the easiest solution would probably be to put the files outside the web root so that it can not be downloaded directly.
Either that or put it inside your database. | Thanks for the response but I'm not entirely sure what you mean, would you be able to elaborate on that at all?
|
May 17th, 2008, 11:07 AM
|  | Expert | | Join Date: Dec 2007 Location: Moon, Dark Side Age: 23
Posts: 673
| |
Quote: |
Originally Posted by Jeigh Hello,
I'm going to start making a script that will allow users to upload a file, then re download it later. I'll basically be doing the following:
- The uploaded file will be given a string of random numbers / letters as the filename and uploaded to a folder.
- That random file name will be stored in the database along with the users username
- When the user logs in they will see a list of their files that they can download and they will link to the appropriate file on the site.
The only problem with this is that anyone will be able to access the file if they get the link. It is unlikely that they'd guess the file name but still there is a posibility so my question is:
Is there a way to make this system more secure, only allowing that same user to download the file again?
The files uploaded wont contain sensitive information however I certainly dont want it falling into the hands of certain people. |
Atli has you going the right direction. The way most sites do this is by not prividing a direct link to a file but more of a "getter" file.
observer getFile.php?id=388787533434
Here, getFile.php could look at the session and grab the user (or should know it already, then look up that id in the database and make sure the username matches. If so, then have php grab the file, ie what Atli suggested, that url to the file grabbed from the DB is not in a "public" directory accessable through the browser.
mysiteFiles/
mysiteFiles/uploadedFiles/
mysiteFiles/webroot/
mysiteFiles/webroot/index.php
mysiteFiles/webroot/getFile.php
In this example. webroot is public folder where your site is located. The directory where the uploaded files will be is outside this folder.
Good luck,
Dan
 |
May 17th, 2008, 11:17 AM
| | Member | | Join Date: Jul 2007
Posts: 73
| |
Ah yes I see, so the /uploadedfiles folder I have to chmod so users can't access it, but by using the PHP script it will still allow them to download it?
Thanks for all the help I appreciate it.
|
May 18th, 2008, 02:50 AM
| | Moderator | | Join Date: Nov 2006 Location: Iceland Age: 22
Posts: 2,790
| |
Quote: |
Originally Posted by Jeigh Ah yes I see, so the /uploadedfiles folder I have to chmod so users can't access it, but by using the PHP script it will still allow them to download it?
Thanks for all the help I appreciate it. | No there is no chmod needed in this scenario.
Say that the web root of www.example.com is /files/webroot/.
If you ask for www.example.com/dir/myfile.ext the HTTP server will try to serve the file at /files/webroot/dir/myfile.ext.
If you store your files in a folder outside the web root, for example /files/fileUploads/ no URL will make the HTTP server serve files from that directory. It is simply out of reach.
You can, however, have your PHP scripts read files from anywhere on the server, given that PHP has permission to read it.
So, if you have your PHP validate that a user is in fact logged in and should be able to download the file, you can have PHP *pretend* to be the file by echoing headers and outputting the contents of the file.
For example, if you have an image at /files/fileUploads/myImage.jpg and you have a PHP page inside the web-root at /files/webroot/downloadImage.php, containing the code: -
$imagePath = "/files/fileUploads/myImage.jpg";
-
$imageMime = "image/jpeg";
-
$imageSize = file_size($imagePath);
-
-
header("Content-Type: " . $imageMime);
-
header("Content-Length: " . $imageSize);
-
-
readfile($imagePath);
-
If you now ask for www.example.com/downloadImage.php, your browser will accept this .php file as an JPEG image, and display it as the original image.
|
May 18th, 2008, 11:04 AM
| | Moderator | | Join Date: Jun 2007 Location: York, England, with wolves. Age: 18
Posts: 2,860
| |
This could be a good article.
Anyone bothered if i write one for bytes?
Or does anyone want to co-write it?
|
May 18th, 2008, 12:27 PM
| | Needs Regular Fix | | Join Date: Feb 2008 Location: Australia Age: 22
Posts: 465
| |
Quote: |
Originally Posted by markusn00b This could be a good article.
Anyone bothered if i write one for bytes?
Or does anyone want to co-write it? | If u got the time to make it, I will make the time to read it!
| |
Posting Rules
| You may not post new threads You may not post replies You may not post attachments You may not edit your posts
HTML code is Off | | |
| | | What is Bytes?
We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights.
Get the best answers to your questions from over network members.
|
