I’m just wanting to confirm that what I’m doing is actually secure.
Firstly, I have a GoDaddy shared hosting account, but I do have a dedicated IP address.
Let’s call my server path /path.
My site’s files are located in /path/mysite
When a user uploads a file, I move it to /path/uploads/file_name.
It is impossible for someone to reach that folder via a URL.
To add, I have a .htaccess file in /path/uploads with the following:
order deny,allow
deny from all
allow from 1.1.1.1 #let's say 1.1.1.1 is my server's IP address.
And then to actually initiate a download of the file, my users will follow a link to mysite.com/file.php?q=[file_id]
And in file.php, I download like so:
$mime = mime_content_type($location);
header('Content-disposition: attachment; filename='.$name);
header('Content-type: '.$mime);
readfile($location);
As far as I know, it’s not possible for anyone’s uploaded files to run on my server, but I may be wrong.
Are there any security gaps that I need to take care of?
First, you don’t need the
allow from 1.1.1.1as this will allow you to access this directory via Apache services. No, you will only ever access this directory from an executing program / script.Second, this is a pretty standard template to address this type of problem. So its well worth looking and widely used packages such as MediaWiki or BB engines such as phpBB approach this and mirror some of their security checks.
My third suggestion picks up the point made by Marc B, you need to think about constraints on the file name and file types that you want to allow / support, and the possibilities of other attacks. One approach is simply to store files with the filename and ascending ID and keep the ID/user filename as a map in a DB table. You also need to think not only about attacks on your server, but that malicious users could use this upload facility to implement XSS and other attacks.