My php website allows authorised users share documents by uploading and downloading documents to a document library.
I want to store the files encrypted on the server, and I am trying to use EFS, instead of explicitly encrypting/decrypting in php code on upload/download.
Server is windows server 2003/IIS
I have created a new user on my server, logged on as this user, then encrypted the folder containing the documents using EFS.
I now want to IIS to run my web application as so it can view the encrypted documents. However I am having trouble with this, as doesn't have all the permissions it needs, for example to write session files.
The other approac I have tried is to keep my website running under IUSR_Machine_Name built in user, and getting php to present user credentials when it wants to open a file for streaming, however, I'm stuck with this too.
Looking for advice on:
Is EFS the right approach?
What permissions would
need for IIS to use it to run my web
application?
Is there any way in php to expicitly
present user credentials at the
point where php function fopen accesses my EFS
encrypted files?
Related
I have some files (mp4/pdf/etc..) that I want to deploy to my webserver, but I want access to be restricted so only users who have been authenticated can access them.
The server is running centos 7 with nginx and I have a MYSQL database as well. I understand how to authenticate users using PHP but I don't know how to actually restrict the files from being accessed otherwise.
I expect to be able to provide authenticated users with some link to download the content, but any users who are not logged in will receive some error message.
Put the files outside the web server's document root so they can't be accessed directly by any user. Then create a download page in PHP that verifies your existing authentication, sets appropriate download headers, reads the file, and dumps the contents to the user.
If using Windows Azure and an ASP.NET web site with PHP script to upload files, can I access those files from the server or must I use the Data Storage facilities?
i.e. I'd like to reference the files directly from html\server... etc. I think I probably should be able to.
Thank you.
How are you hosting your ASP.NET website. If it's hosted in a Web Role, then you won't have access to a persistent "standard" file system for that role. (especially if you've scaled over multiple instances).
Have a look at the following tutorial on using blob storage from PHP. http://www.windowsazure.com/en-us/develop/php/how-to-guides/blob-service/
You can use the blob storage quite easily to access them with standard HTTP links from your ASP.NET site. i.e.
http://your-storage-account.blob.core.windows.net/your-container/file.txt
I am currently writing an application using the Yii-framework in PHP that stores a large number of files uploaded by the users of the application. I decided that since the number of files are going to be ever increasing, it would be beneficial to use Amazon S3 to store these files and when requested, the server could retrieve the files and send it to the user. (The server is an EC2 instance in the same zone)
Since the files are all confidential, the server has to verify the identity of the user and their credentials before allowing the user to receive the file. Is there a way to send the file to the user in this case directly from S3 or do I have to pull the data to the server first and then serve it to the user.
If So, Is there any way to cache the recently uploaded files on the local server so that it does not have to go to s3 to look for the file. In most cases, the most recently uploaded files will be requested repeatedly by multiple clients.
Any help would be greatly appreciated!
Authenticated clients can download files directly from S3 by signing the appropriate URLs on the server prior to displaying the page/urls to the client.
For more information, see: http://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html
Note that for confidential files you may also want to consider server-side/client side encryption. Finally, for static files ( such as images ) you may want to set the appropriate cache headers as well.
Use AWS Cloud Front to server these static files. Rather than sending the files to the user, send them links to the files. The Links need to be cloud front links & not direct links to the S3 bucket.
This has the benefit of keeping load low on your server as well as caching files close to your users for better performance.
More details here Serving Private Content through CloudFront
I am developing a web application in PHP as a replacement of Microsoft Access based application for a company.
In old access application in their database they were storing a link to a word document, which further links to other documents. Now in access form they are showing that link, when click on that link they can open the word document from a common folder in a network PC and make any changes the that file (pretty easy for user).
Is there any way to do the same through the web-based application?
What if I just move the common folder in my www directory?
In that case they can open the file easily, but if they have to make any change they have to download the file on their PC, and the changes will be done to their local file not in the file that is on server. So they need to move file to server back or ask network admin for moving the file back to the server
What if I keep common folder in a network PC it self and try to access it form there?
Just by clicking I can’t open a file form client’s or any other network PC. For this when click on the link I have to open & read file through PHP on web server. Using any document to PDF converter, I have to convert the file format and then open it in browser. Here the problem are,
Still I can’t make changes in file and
I have to fix about the format that I might need to convert in PDF.
I am not sure how the other documents that are linked to the main document will work.
There's two ways of doing this: (a) let the user download it from your web application, either statically (stored on the web server) or dynamically (processed in PHP or even built in real-time).
Or, (b) use a file link to a known location on the user's disk, such as file://C:/mydoc.doc.
Addendum - if you want to write to the file in your web app, but also have the user open the same copy, use (b) rather than (a). This presumes that the location of the file is available through a local or network path.
I am currently developing my own Google Chrome extension right now. My extension has the functionality to save and retrieve user data(bookmarks, browser preferences) from a local storage in a computer. Right now there are tools and technologies I am considering to use for the development of the said extension. Which brings us to my question:
I know for sure that PHP can be responsible for the file handling which includes storing and retrieving of browser data. My concern is that the security of the written file. Is it possible to put the written text file in a folder which is locked? Is it possible to make that folder account-controlled meaning for the folder to be accessed there should be username and password to be entered? What tool or technology can handle this?