Creating a Secure File Hosting Server for PDFs


Question


I'm working to develop a website that allows clients to log in and see various PDFs saved on the server. These PDFs will be unique to the client and should not be accessible by someone who is not logged in. Getting the files onto the server shouldn't be an issue, I'm just not sure on how to serve them to end users.

I've implemented this kind of thing with data from SQL servers being served instead of files, so I'm not entirely sure what the most effective way to go about this is.

The website is on a LAMP and my minimal experience is in PHP (but if a framework or other language would make this easier, I can learn it).

I'm probably in over my head but I usually am, so any input would be great.

Solution

Put the files outside of the webroot. Then, using PHP, pass the file through a script. That way no one can link to the file directly and bypass your controls. (Naturally, make sure the script does this only after verifying the user has permission to retrieve that file.)

Sample PHP:

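<?php
    session_start();
    // Refuse the request unless the session is marked as logged in.
    if (!isset($_SESSION['authenticated'])) {
        http_response_code(403);
        exit;
    }
    // The file lives outside the webroot, so it is reachable only through this script.
    $file = '/path/to/file/outside/www/secret.pdf';

    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($file) . '"');
    header('Content-Transfer-Encoding: binary');
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
    header('Content-Length: ' . filesize($file));
    // Discard buffered output (if any) so it cannot corrupt the file body.
    if (ob_get_level()) {
        ob_clean();
    }
    flush();
    readfile($file);
    exit;
?>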
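
The sample above serves one hard-coded file; the following added example (not part of the original answer) shows the per-user permission check the answer calls for, where the requested name is resolved only inside the logged-in client's own directory. It assumes each client's PDFs are stored in a directory named after an integer client id kept in `$_SESSION['client_id']`; `PDF_ROOT`, `resolve_client_pdf` and the `file` query parameter are hypothetical names.

```php
<?php
// Added example, not the answerer's code. Assumed layout: each client's PDFs
// sit in PDF_ROOT/<client id>/ outside the webroot, and the login code stored
// an integer id in $_SESSION['client_id'] (all names here are hypothetical).
const PDF_ROOT = '/srv/client-pdfs';

// Return the real path of $name inside the client's own directory, or null
// when the name is malformed, the file is missing, or it escapes that directory.
function resolve_client_pdf(string $root, int $clientId, string $name): ?string
{
    // Plain file name ending in .pdf only: no slashes, no leading dot.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,99}\.pdf\z/', $name)) {
        return null;
    }
    $base = realpath($root . '/' . $clientId);
    $path = realpath($root . '/' . $clientId . '/' . $name);
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    // realpath() follows symlinks, so re-check that the target is under $base.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

if (PHP_SAPI !== 'cli') { // handle a web request; skipped when included from CLI
    session_start();
    if (!isset($_SESSION['authenticated'], $_SESSION['client_id'])) {
        http_response_code(403);
        exit;
    }
    $name = is_string($_GET['file'] ?? null) ? $_GET['file'] : '';
    $path = resolve_client_pdf(PDF_ROOT, (int) $_SESSION['client_id'], $name);
    if ($path === null) {
        http_response_code(404); // same reply for "missing" and "not yours"
        exit;
    }
    header('Content-Type: application/pdf');
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('Content-Length: ' . filesize($path));
    header('Cache-Control: private, no-store');
    header('X-Content-Type-Options: nosniff');
    readfile($path);
    exit;
}
```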
