I’m working on an application (LAMP) where users can upload files to the server but cannot share it’s files with other users. So, my problem is to implement a secure mechanism that ensures user A cannot access to files uploaded by user B.
My approach is this:
- Each user has a folder for its files (/upload/userA)
- Add a .htaccess file to redirect all access to /upload folder to a PHP script
- Check if the user has permission to access to the subdirectory (/userA)
Can you see any drawback in this approach? Any better alternative?
Instead of making hard references to files, you can make something like
download.php?id=1234and just check for1234from database whether user has privileges to download the file and do not show the physical path to user at all.With HTTP headers, you can force users to download file with a filename you have desired (stored on database). Allowing users to directly access their files from physical paths is not a good idea and if you try to make a hook with
.htaccessupon each request, that will be more expensive, indeed.Most systems consider generating some random strings or GUIDs that you can’t simply access someone else’s file by changing a character randomly. i.e. in Facebook images,
../187170_697610597_4628627_q.jpgthere is that complicated URL which users can directly access but can not guess another image URL by changing a few digits, that’s too difficult but not safe and does not meet your requirements.