I am currently developing my own Google Chrome extension right now. My extension has the functionality to save and retrieve user data(bookmarks, browser preferences) from a local storage in a computer. Right now there are tools and technologies I am considering to use for the development of the said extension. Which brings us to my question:
I know for sure that PHP can be responsible for the file handling which includes storing and retrieving of browser data. My concern is that the security of the written file. Is it possible to put the written text file in a folder which is locked? Is it possible to make that folder account-controlled meaning for the folder to be accessed there should be username and password to be entered? What tool or technology can handle this?
Related
I'm working on a website that is generated from a server. I have a php file where I include files that are stored on my computer and are necessary for the code to work. The files that I need are related to google calendar API like my credentials and a link to the API folder just like in the quickstart.php example of google (https://developers.google.com/google-apps/calendar/quickstart/php).
I think that storing these files on the server is not such a good idea. Is there a way for me to link local files from the server in an include or require? Or do I have to put everything on the server? And in that case how do I know the filepath to my files?
I am not in control of the server I just have acces to a small part of it. It is the school server and I'm working on one directory or so from that server so I can't do anything from root or so.
Thanks in advance and if my question is unclear please notify me so I can rephrase it.
If you want to protect the code from exposure, try PHP ionCube Encoder. So someone who has access to the server can't read the code, but still it will run correctly.
You CAN include remote files via HTTP if you can configure the server to set the following in the php.ini.
allow_url_include = On
This is NOT the normal setting as it could leave you more vulnerable to attacks. So this method is not a recommended one, but it is possible.
You should consider setting up an additional account on Google and then using that to work with. You can share the relevant calandars from your personal account with that account and thus protect yourself better.
Create a folder on your server outside of the public html folder. Go one directory above your website route directory and create your folder there. People will not be able to navigate to that new folder as it is outside of your website route. Store your sensitive files in the new folder. Then just require them in your normal files as needed. This protects your sensitive files in the event your PHP handler failed (rare but can happen) as the content of your sensitive files would not be displayed to people as plain text on your website. Remember to set appropriate folder and file ownership and permissions also on your server.
In an attempt to add features to an online platform for file sharing, I would like to offer a seamless Integration of the platform content itself with other applications. This Integration should allow registered users to open and edit an uploaded file on the server. In the end the user should be able to open a link, e.g. API.php?File=/Overview.odt, in an editing software of their choice and be prompted the required document.
However, when the user saves the document, it will be saved as a temporary document on their computer (disk). Is there any way to directly access the file not only to open it, but also for saving?
I already looked at the FileWriter specification but wasn't really happy about the browser support...
Thank you for your answers.
You can submit your updated document through a GET or POST HTTP form, with an action field linking to a PHP script in charge of processing your file (if any processing is needed) and storing it somewhere accessible.
You could also rely on the WebDAV extension of HTTP, but those are rarely activated by default on web servers.
Anyway, you should be aware that when designing such features, the risk of introducing vulnerabilities on your website is pretty high.
Also, it is not clear to me how you can expect any possible application to use your interface automatically, unless you set up some kind of Dropbox-like daemon watching a synchronized folder on your local machine.
We have a system where, a large part of it is the ability to upload and download files if you are logged in and have the correct permissions.
What we are looking at doing to help with the organization from the users point of view is having a virtual file system type layout.
Even if (or even preferably) all the users files are actually just stored in one directory, and the virtual file system is just a screen put up from the database.
What we are wondering before we invest in creating this is if this already exists somewhere, open source (but able to be used in commercial software), free, or paid (first two preferably!).
A simple file system on top of PHP can be done by WebDAV that is built on top of PHP:
http://sabre.io/
This would be a good example, but there are others as well. WebDAV is essentially a web based file system (http://en.wikipedia.org/wiki/WebDAV).
This could not only provide a file system, but also would let you edit files directly with Word/Excel (2007+) in it. Showing then a treeview of folders and files would be quite trivial, using few database tables and some jquery components, such as jsTree and jqGrid.
Although if you are searching for a full document management system: http://www.opendocman.com/ or http://code.google.com/p/simpledoc/ this would be more then enough.
It really depends on how many features you are going to incorporate into this system. Will there be an OCR, would you like to store the files in the cloud service, how many user input there will be (is simple upload enough, or camera, scanners and other devices are needed to be used as well)?
As for the commercial products, you could check out Microsoft SharePoint (http://en.wikipedia.org/wiki/Microsoft_SharePoint) or IBM Lotus Notes (http://en.wikipedia.org/wiki/IBM_Lotus_Notes)
My php website allows authorised users share documents by uploading and downloading documents to a document library.
I want to store the files encrypted on the server, and I am trying to use EFS, instead of explicitly encrypting/decrypting in php code on upload/download.
Server is windows server 2003/IIS
I have created a new user on my server, logged on as this user, then encrypted the folder containing the documents using EFS.
I now want to IIS to run my web application as so it can view the encrypted documents. However I am having trouble with this, as doesn't have all the permissions it needs, for example to write session files.
The other approac I have tried is to keep my website running under IUSR_Machine_Name built in user, and getting php to present user credentials when it wants to open a file for streaming, however, I'm stuck with this too.
Looking for advice on:
Is EFS the right approach?
What permissions would
need for IIS to use it to run my web
application?
Is there any way in php to expicitly
present user credentials at the
point where php function fopen accesses my EFS
encrypted files?
I'm working on a project which involves an FTP server running ProFTPd and a PHP/MySQL backend that creates accounts for users.
Upon the creation of accounts, users are sent e-mails with their account details and instructions for downloading FileZilla or CyberDuck, depending on their OS, detected via user-agent string.
To make things easier for novices, I thought of having .lnk files generated for FileZilla with the account logins details as parameters, so they would just have to click on the .lnk files to open up the server. This is not a crucial feature but more of a technical challenge.
My questions are :
is this even feasible ?
are there any alternatives (eg. generating a .bat with a script pointing to the Filezilla executable ?)
are there any issues, perhaps with relative / absolute paths pointing to the executable ?
to go even further, what would be the simplest way of providing users with software with FTP access on a single account / single server (web interface is not an option).
It's very difficult to create .lnk files programmatically. See this answer.
In FileZilla, I think the best you can do reliably is to pass along a filezilla.xml file, and describe the steps necessary to import it after FileZilla has been installed.
I don't see any way that you can do this while making it easier for novice users. If you create a shortcut file, you'd have to know the path of the install. Good luck getting that from a user who you assume would have a hard time using a username/password in an FTP program. Even if you got that, you'd be generating the shortcut file after you receive input from the user, then you'd have to email the file to the user or have them download it -> delay.
I would advise against this. Having worked with clueless users before, any attempt to make things "easier" for them but requiring them to do something else usually backfires immensely. Save yourself the headache, and provide a very well-written how-to instead.