I am building a web application that sends emails using PHPMailer and I have built a wrapper class around PHPMailer to log the emails being sent. The one part I have yet to figure out is how to securely save the attachments. I don’t want to read the file contents into a field in a MySQL database because that is not efficient. I don’t want to store them in a folder on the web server because that can be accessed from a web browser (The server doesn’t have a public_html folder so I can’t stick them in a folder that isn’t accessible).
What is the best/proper way to store the email attachments so they can’t be read, other than through my application?
It really depends what you want to do with those files.
If you store them in a public web directory, you could put a .htaccess file in there (assuming you are using Apache), to block web access to those files.
You could store them in a folder below the public web folder.
E.g. most servers have something like this
where httpdocs is the public folder.
All you need to do is store them in
so they are not web accessible
Another alternative, if you are just looking to audit emails sent, is to BCC them to another email account such as audit@website.com.
Then just look at that email account if you ever need to check anything. This would however be difficult to check programmatically compared to scanning a directory for files on the local server.
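An added example, not part of the original answer or of PHPMailer: one way a logging wrapper could keep attachment copies in a folder outside the web root and hand them back only through the application. The directory path is a placeholder and the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumption: a directory outside the document root, writable by the PHP user.
// Placeholder path; replace with your own.
const ATTACHMENT_DIR = '/path/outside/webroot/mail-attachments';

/**
 * Copy an attachment into the private store under a random name.
 * Save the returned values in the email log table.
 */
function storeAttachment(string $sourcePath, string $storeDir = ATTACHMENT_DIR): array
{
    if (!is_file($sourcePath) || !is_readable($sourcePath)) {
        throw new RuntimeException('Attachment is not a readable file');
    }
    if (!is_dir($storeDir) && !mkdir($storeDir, 0700, true)) {
        throw new RuntimeException('Cannot create attachment store');
    }
    // Random ID: the original file name never becomes part of a path.
    $id = bin2hex(random_bytes(16));
    $target = $storeDir . DIRECTORY_SEPARATOR . $id;
    if (!copy($sourcePath, $target)) {
        throw new RuntimeException('Copy failed');
    }
    chmod($target, 0600); // readable by the application user only
    return [
        'id'            => $id,
        'original_name' => basename($sourcePath),
        'sha256'        => hash_file('sha256', $target),
    ];
}

/**
 * Resolve a stored ID back to a file path. The caller must already have
 * checked that the logged-in user is allowed to see this email.
 */
function attachmentPath(string $id, string $storeDir = ATTACHMENT_DIR): string
{
    // Accept only the exact ID format generated above, so "../" cannot appear.
    if (preg_match('/\A[0-9a-f]{32}\z/', $id) !== 1) {
        throw new InvalidArgumentException('Invalid attachment ID');
    }
    $path = $storeDir . DIRECTORY_SEPARATOR . $id;
    if (!is_file($path)) {
        throw new RuntimeException('Attachment not found');
    }
    return $path;
}
```

The application would call `storeAttachment()` next to its PHPMailer `addAttachment()` call and stream the file from `attachmentPath()` after its own access check.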