Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 2 years ago.
Improve this question
I just program a website with in the server a directory called "/src/PDF/" where all of my PDF documents are stored.
Actually I simply make a
<iframe class="mx-auto w-100" src="./src/PDF/mypdf.pdf#toolbar=0"></iframe>
to diplay it to the user, but any user can follow the link to "./src/PDF/" and access to all of my website's PDF !
You have to know that my website use account to access to the documents, so if you are a subscriber to the website or you acquired the PDF by unit, you can see it, if not you have a page to connect, subscribe or acquir it individually.
I heared about .htaccess but I didn't find any formation to program .htaccess propely for my case.
Can a charitable soul come to my aid?
Thank you very much for your time !
You have few options:
A) You put an index.html/index.php file in the directory. This could even be just a blank file. That way they don't see a directory listing.
B) You disable directory listing in your web server configuration, for Apache you can do this in an .htaccess file. Simply put in, or create an .htaccess file in src/PDF/ with:
Options -Indexes
With either of these options however nothing will stop anyone from just guessing a name of a PDF file, or someone giving them a link to view it.
I would at the very least move the PDF files to a directly that cannot be accessed publicly (ie: before your public_html) and then use random file names and reference the actual name of the document from a database. Then send the PDF to the browser through a PHP script where only authenticated users can see it.
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 2 years ago.
Improve this question
We have one .net application in which there is facility to upload images in given storage location. our application is completely windows based. and what it does is it stores images on given path for example "E:\Images".
On the other hand We are using using PHP application (using smarty framework) to display all our uploaded data. In this case everything working fine except images as the storage location is not within the PHP application directory.
I know with the help of symbolic link we can access the images from another disk. It is also working. But if we change the storage location later on then there will be a problem.
I also know that using base64 way we can access images. But it is taking too much time to load If I have a 30 images for one single record.
Can you please suggest a good way how can I access the images? Or how we can improve our symbolic link way?
PHP can access any area of the disk ifallowed. You may need to configure open_basedir to allow such access.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I am attempting to collect files from a number of friends from around the world. Later on I will also allow everyone to download from this shared repository.
Some key facts:
Most of them have little knowledge for file transfer and even less motivation to "try". So they will stop caring to upload files if I tell them to install some ftp/webdav client and give them detailed info on how to send files.
I have a high server to my disposal where I could setup a webserver that can do multiple file upload/download.
the data size will be considerable so I can not use one of available free services (such as dropbox etc.)
I have zero knowledge regarding webpage programming.
So I would like to create an extremely lightweight page (hopefully an html page is enough), where there is some introductory text, underneath I can see the files that exist in the current directory and finally have an "upload" button so as to allow people to upload files (multiple files!).
A possible page could be similar to this http://taper.alienbase.nl/mirrors/. As you can see there exists some text and the current folder contents. There exists no upload capability however. Also If a folder is completely empty (no index.html etc) , apache decides automatically to create an 'ls table' of the current directory contect.
Is there any easy code that implements file upload? I read about plupload here but it seems somewhat more complicated (it also requires java? - I didn't find any setup info)
I want to set it up on an apache webserver, in a linux box.
If you have a tutorial in mind that may give installation and setup information about how to set it up, it would be very helpful.
I have previously used this jQuery Upload File Plugin. Its simple to implement and has the option to drag and drop multiple files for upload.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
I'm concerned about security. I need to allow a specific group of users to upload documents and for all other users to download them.
Where or what folder is the best place to allow this to happen? I read that outside the root of the site is best but then I've read conflicting posts.
Thanks for any help.
It all depends what you need to be able to do with them once they are uploaded.
Outside the web root is definitely best but if you then need to be able to show those files on webpages, you will need to write a handler or just save them inside the webroot.
Ideally you should never allow untrusted users to upload any file to a server and should certainly never allow untrusted users to upload files into a webroot as they could then use your server to spread malware or upload files that can be executed on the server and take control of your server or site.
You should always ensure that the minimum number of file types possible are allowed for upload so if a user is uploading an image, make sure they can only upload images
I generally save files to a folder outside the web root (note, not just outside my site root, but outside of the actual web root directory). You only asked for advice on where best to store the files, but presumably you are taking other steps to make the uploaded files secure (like, changing the name of the file, changing the permissions on the file, etc). Good luck!
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I installed an Apache server and am playing around with it a bit. What I can't figure out is how to properly set permissions for this setup:
I don't want my files to be externally accessible (i.e. ./files/file1.foo) - there are many files in this directory and I don't want people to be able to read them. So far so good. chmod o+r enables reading and vice versa, in my case.
Then I have a PHP script that handles sessions with each user, who owns one of the files and should be able to view it, but only it, not the other files. Let's say the file is a picture. I would write <?php ... echo "<img src=\"files/file5.foo\"> ?> to show this file. But that wouldn't work, because the PHP doesn't have permissions to the file either.
What is the way to handle this?
For those requirements the best solution is to store the protected files outside of the public HTML and use a PHP script to serve them. The PHP can then check if the current user should be allowed to access the requested file or not.
Have a look at this example. For inline images, don't set the file transfer headers, just output the content (you can still output a content-type header but that isn't needed).
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
i am doing a php program which requires doc file to be saved after every 10 secs.msword should not ask the path to be saved. actually i have written a program which opens a doc file. the file should be auto saved to the exact location from where the file is opened.
If I understand you correctly, what you want to do is not possible (sadly).
There is no standard or protocol for live editing of remote files that have been downloaded from a web page in a browser. The file will be downloaded to a temporary location and opened from there.
Hence, any notion of providing an auto-save mechanism from PHP or JavaScript is completely impossible. The client application will have to do that.
If you want to upload the downloaded and locally edited file back to the web site, you will need to provide an upload form for the user to do it manually. (Which is a shame and completely unintuitive, but that's the way technology is at the moment.)
Not possible due to security reason in web technology.