[nycphp-talk] protecting download directory in PHP app on Unix box?
Michael B Allen
ioplex at gmail.com
Wed May 28 12:39:37 EDT 2008
On Wed, May 28, 2008 at 11:25 AM, Kristina Anderson
<ka at kacomputerconsulting.com> wrote:
> This might be off topic as well...but I have a PHP app that submits to
> Paypal and then on the "thank you" page, I provide a link to a PDF that
> they bought.
>
> The server is Unix based, and before submitting the sale, I collect
> various information about the user, and then when the transaction is
> complete, I get a unique transaction ID from Paypal.
>
> What's the easiest, quickest way to provide some level of complexity to
> the downloads so that people can't just go back into the directory and
> download every PDF without paying? It doesn't have to be 100% secure
> but should be secure enough to keep out "most" people.
>
> I've been looking into .htaccess but wondering if that's overkill and
> there isn't some way to authenticate against my DB information before
> allowing the download?
Hi Kristina,
If you want to allow static downloads (meaning the user directly links
to the file) then your options are fairly limited. Apache might offer
some kind of connection based controls but I'm not aware of anything
that would be applicable. If you allow user's static access to files,
in general, anyone can access any files. About the only thing you
could do with static downloads is make the filename or part of the
path name unique to the user or their session. Meaning you could
create a subdirectory based on the user's username or the session ID
and then place the file or a link to the file in that directory. Then
you could have a cron that deletes directories older than a certain
time.
If you can do scripted downloads (meaning PHP is interpreting the
request and writing the file contents to the client) then your access
control options increase significantly. With script level access
control you can of course check the user's information in the database
to determine definitively if they are permitted access to the
particular file.
Or you could use a combination of both static and scripted access. For
example, you could scramble your filenames using a reversible
transformation such as using mcrypt_{encrypt,decrypt}. Store your
files using the scrambled names. Send the user a link with the
scrambled name. Then when they request the file, de-scramble the name
so that you can send a Content-Disposition header with the friendly
filename.
Of course there are many permutations of this. It really depends on
your specific needs and constraints.
Mike
--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/
More information about the talk
mailing list