How to Protect "User Uploads" Folder - php

I'm creating a file sharing service that runs through a mobile app. There's a folder on the server that hosts user uploads. I know that usually in these scenarios the uploads folder must be put outside the public HTTP directory, but I'm hosting the code on an online hosting service which doesn't allow doing that.
So far here are the security measures that I've taken:
Files inside the folder are named with randomly generated IDs, while all the file information (name, type, etc.) is stored in the database.
The folder itself is protected using .htaccess (Order Deny All) so nobody can access any data inside except scripts hosted on the server.
When a user wants to download a file, my idea is to make a script that would copy the required file to a temporary folder, while adding a record in the database to delete the temp file 2 hours after the request (cron job).
How efficient is my method? Can a PHP file handle cloning a large number of files without putting too much pressure on the server? And what alternative ways are there to protect the folder data?
Thanks for your time reading this.
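An added example (not code from the asker or any of the related threads) of the alternative both this question and the "Deny access to files without password?" thread circle around: an authenticated download script that streams the file out of the .htaccess-protected folder, so no temporary copy and no cron cleanup are needed. It assumes a PDO connection in $pdo, the logged-in user id in $_SESSION['user_id'], and an `uploads` table with columns id, owner_id, original_name and mime_type; the folder name, table and columns are assumptions.

```php
<?php
// download.php?id=<random id>  (added example, not the asker's code).
// Assumes: PDO connection in $pdo, logged-in user id in $_SESSION['user_id'],
// and an `uploads` table with columns id, owner_id, original_name, mime_type.
declare(strict_types=1);

// The folder sits under the web root (as on the shared host described) and is
// blocked from direct HTTP access by a .htaccess containing "Require all denied"
// (Apache 2.4) or "Deny from all" (Apache 2.2). Only this script reads from it.
const UPLOAD_DIR = __DIR__ . '/uploads';

session_start();
if (empty($_SESSION['user_id'])) {
    http_response_code(401);
    exit('Login required');
}

// Accept only the id format we generate ourselves (32 hex chars). Anything else,
// including "../" or a real filename, is rejected before the disk is touched.
$id = $_GET['id'] ?? '';
if (!preg_match('/^[a-f0-9]{32}$/', $id)) {
    http_response_code(400);
    exit('Bad file id');
}

// Authorise: the record must exist AND belong to the current user.
$stmt = $pdo->prepare('SELECT original_name FROM uploads WHERE id = ? AND owner_id = ?');
$stmt->execute([$id, $_SESSION['user_id']]);
$file = $stmt->fetch(PDO::FETCH_ASSOC);

$path = UPLOAD_DIR . '/' . $id;
if ($file === false || !is_file($path)) {
    http_response_code(404); // same answer for "not yours" and "does not exist"
    exit('Not found');
}

// Stream straight from the protected folder: no temporary copy, no public URL.
// Always force a download with a fixed content type so a stored HTML/SVG file
// can never render in the browser under this site's origin.
$safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', $file['original_name']);
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $safeName . '"');
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
header('Cache-Control: private, no-store');

// readfile() writes the file to the output in chunks rather than loading it all
// into memory, so large files do not blow the PHP memory limit.
readfile($path);
exit;
```

On hosts that enable mod_xsendfile the readfile() call can be replaced by an X-Sendfile header so Apache itself does the streaming, which removes the PHP process from the transfer entirely.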

Related

Deny access to files without password?

I have a framework that I've written. I created a package for said framework that allows me to track my employees' hours, and gives them a place to dump files for the accountant (invoices, etc.).
The problem is that these file dumps are accessible through the browser. I could use a .htaccess file to prevent the files from being served up at all, but the problem is that I would like the accountant and the employee to be able to download their files.
A solution might be to read the files with PHP, create a temporary copy, have the user or accountant download that copy, then delete the copy, but this poses two problems.
1) It's going to be time- and resource-intensive, especially for large files.
2) For whatever short amount of time, there will be a copy of the file which is accessible to whoever knows the URL.
The other solution would be to put the files outside of the public folder, but the problem is that I would like this package to be portable, and a lot of my servers are shared.
What method could I use to be able to serve the files only when authenticated, and avoid the flaws I described above?

Laravel - Where should I put user uploaded personal/sensitive documents?

Currently, I am putting all files in my public directory which means that anyone can download the file.
However, I don't want anyone else to see that file other than the user who created it. As of right now, I have no control over that. Maybe if I store it in another directory, I will be using middleware to protect it.
But I'm stuck on the part where I can upload the user-uploaded files.
Where is the best directory to put them? I don't have an external server I just have a VPS.
Laravel has a storage folder designed especially for this case. It's not available from outside your server and you will have to serve the files from it through Laravel.

Advantages to uploading files to remote server

My PHP script allows users to upload images and stores them in a directory on the same server. Is there a security or performance advantage when transferring user uploaded files to a remote server on a different FTP account?
I imagine that it's more secure to store uploaded files on a server that isn't in the same directory as my PHP scripts and connected to my database. What are your thoughts? Advice on how to properly use a remote server is welcomed.
Note: I plan to use CodeIgniter's FTP Class to handle all transfers and I'm saving image URLs to the remote directory in MySQL.
It is no more secure than storing them on the same server, as users can execute your PHP scripts as long as they know their locations. They can find a PHP script's location very easily without knowing it already (and without seeing images in the same directory).
You will see a decrease in performance (possibly very noticeable depending on how often you access emails) and won't see an increase in security.
If you don't want users to be able to execute your PHP files, you can change the read/execute capabilities of users in specified directories (you could just put your PHP files outside of the folder with the photos if you want the users to have access to the images without having access to the PHP files).
If you are worried about users uploading files you don't want them to upload, you can limit the types of files they can upload by either saying "these file types are not allowed" or saying "only these file types are allowed" and checking with PHP when the file is uploaded.

File upload and storage handling in a web application

I am currently using PHP and AJAX file upload to develop a web application.
A web application involves getting files uploaded from the user, e.g. an email client or photo gallery. This is the scenario where I got stuck.
When a user uploads some files but closes the browser without submitting, I want to delete those files and only move the relevant files.
I have tried leaving the stuff in the tmp/ folder under the temp name given by Apache, but when I do the upload I have to move the file immediately, otherwise the file cannot be found at a later stage by referencing the temp filename.
The reason that I leave it in /tmp/ is that I will want to set up a cron job to delete files in that folder to free up server space.
Am I doing the right thing? Or is there a standard industry approach used by Hotmail, Google, etc.?
You will need another temporary folder which you can manage yourself.
You can upload to this folder you created yourself, called temp. When the upload is complete, move the temporary file from PHP's tmp folder into your temp folder.
Then when the submission is done, you move the file away into its respective folders.
Have a cron job that works in the background to remove old files in that folder.
Remember to give permissions to PHP, Apache and the cron job for access to the folder.
Don't rely on industry standards; besides, Microsoft and Google don't use PHP (maybe Google, but definitely not Microsoft).
Why not just move it from the tmp/ folder to your own temporary staging folder immediately, then keep a reference to it in the DB, and have a cron job that periodically scans the DB for 'staging' files with a timestamp more than X hours in the past and removes them?
I don't know about the big boys, but I guess you can create a database table that will hold the temporary file names. The pro of this approach is that you can delete the entry from the temporary file table even if the browser is not closed in the middle, and additionally set up a cron job to delete the files found in the temporary file table.

What file permissions should I set for uploaded files

I have a PHP script that processes file uploads. The script tries to organise the files that are uploaded and may create new folders to move the files into if needed. These files will be below the www root directory (i.e., a web browser will be able to access them).
My question is, what permissions should I set for the folders that get created and for the files that are moved into them (using mkdir() and move_uploaded_file())?
Your webserver needs read and write permission in those folders; execute permission should be revoked (assuming UNIX-like systems). If not, a user could upload a script and have it executed by sending an HTTP request for it.
But IMO the whole concept is a potential security hole. Better store the files in a folder outside the webserver root, so that no direct access is possible. In your web application, you can have a PHP download page that scans the upload directory and displays a list of download links. These download links lead to another script that reads the files from your storage dir and sends them to the user.
Yes, this is more work. But the scenario is very common, so you should be able to find some source code with example implementations easily. And it is much less work than having your server hacked...
To answer it specifically, 766 (no execute permissions) would be the loosest you would want to use. On the other end, 700 would allow no one but the web user to mess with the file.
But really it all depends on what you were doing with the files; that would determine the best result.
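An added example (not code from any poster in these threads) of the upload side that the permissions question and the staging question both touch: the handler creates the folder with mkdir(), moves the file with move_uploaded_file(), sets explicit non-executable modes, stores the file under a random extension-less name, and records the metadata in the database. It assumes a PDO connection in $pdo, a logged-in user id in $_SESSION['user_id'], a form field named "document", and an `uploads` table with columns id, owner_id, original_name, mime_type and created_at; the allowed-type list and size limit are illustrative.

```php
<?php
// upload.php (added example, not any poster's code).
// Assumes: PDO connection in $pdo, logged-in user id in $_SESSION['user_id'],
// form field "document", and an `uploads` table with columns
// id, owner_id, original_name, mime_type, created_at.
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/uploads'; // blocked from direct HTTP access by .htaccess
const MAX_BYTES  = 20 * 1024 * 1024;      // illustrative limit
// Accepted types keyed by the MIME type sniffed from content, not the client's claim.
const ALLOWED = ['application/pdf' => 'pdf', 'image/png' => 'png', 'image/jpeg' => 'jpg'];

session_start();
if (empty($_SESSION['user_id'])) { http_response_code(401); exit('Login required'); }

$f = $_FILES['document'] ?? null;
if ($f === null || $f['error'] !== UPLOAD_ERR_OK || $f['size'] > MAX_BYTES) {
    http_response_code(400); exit('Upload rejected');
}

// Detect the real type from the file contents; $f['type'] comes from the browser.
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
if (!isset(ALLOWED[$mime])) { http_response_code(415); exit('File type not allowed'); }

// Folder: owner rwx (needed to traverse it), group rx, world nothing. mkdir()'s
// mode is filtered by umask, so chmod() afterwards makes the result explicit.
if (!is_dir(UPLOAD_DIR)) {
    mkdir(UPLOAD_DIR, 0750, true);
    chmod(UPLOAD_DIR, 0750);
}

// Random, extension-less name on disk: nothing the user typed reaches the path,
// and there is no ".php" or ".phtml" suffix for the web server to interpret.
$id   = bin2hex(random_bytes(16));
$dest = UPLOAD_DIR . '/' . $id;
if (!move_uploaded_file($f['tmp_name'], $dest)) { http_response_code(500); exit('Store failed'); }
chmod($dest, 0640); // rw for the web user, read for its group, no execute, no world access

// Original name and type live in the database, never in the filename.
$stmt = $pdo->prepare(
    'INSERT INTO uploads (id, owner_id, original_name, mime_type, created_at) VALUES (?, ?, ?, ?, NOW())'
);
$stmt->execute([$id, $_SESSION['user_id'], basename($f['name']), $mime]);

header('Content-Type: application/json');
echo json_encode(['id' => $id]);
```

The created_at column is what a cleanup cron job can key on: a row older than the chosen window that was never attached to a submission is deleted together with its file on disk, which is the DB-tracked staging approach suggested in the file-handling thread above.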
