限制文件访问 - 仅通过PHP读取 [英] Restrict file access -- only read through PHP
问题描述
我在Windows平台上使用GoDaddy网络托管计划。这不是我的选择 - 它与使用ASP.NET的实际站点的不同部分有关(也不是我的选择)。
I am using a GoDaddy web hosting plan on a Windows platform. This was not my choice -- it has to do with a different part of the actual site using ASP.NET (also not my choice).
我有一个SQL数据库,其中包含一些带有一些非敏感客户信息的条目。这个主键是一个AutoIncrement整数,我有一系列与这些整数相匹配的PDF文件(例如555.pdf,7891.pdf等)。
I have a SQL database with a bunch of entries with some non-sensitive customer information. The primary key on this is an AutoIncrement integer, and I have a series of PDF files that match up with each of those integers (e.g. 555.pdf, 7891.pdf, etc).
我的目标是限制对这些文件的直接访问,我希望用户必须首先完成搜索和登录过程(PHP)。最初我打算把文件放在PUBLIC_HTML文件夹上面,但GoDaddy拒绝在没有专用服务器的情况下给我root访问权限(每月20美元)。
My goal is to restrict direct access to these files, I want users to have to go through a search and login process (PHP) first. Originally I planned to put the files above the PUBLIC_HTML folder, but GoDaddy refuses to give me root access without a dedicated server ($20 a month from them).
我接下来要研究的是HTACCESS。我打算通过仅允许访问服务器的IP地址(或localhost / 127.0.0.1)来限制只能访问PHP脚本的文件。不幸的是,这不起作用,因为GoDaddy不会在其Windows服务器上运行Apache。
The next thing I looked into was HTACCESS. I was going to restrict access to the files to only PHP scripts by only allowing access to the Server's IP Address (or localhost/127.0.0.1). Unfortunately this doesn't work because GoDaddy does not run Apache on its Windows servers.
我可以将文件放入数据库中的BLOB,但是当我变得非常混乱时需要快速使用它们(加上我在使用这种方法时遇到了一些麻烦)。
I could put the files into BLOBs in the database, but that gets really messy when I need to work with them quickly (plus I have had some trouble with that approach).
任何限制只能访问PHP脚本的文件的建议(readfile() )?
Any suggestions to restrict access to the files only to a PHP script (readfile())?
推荐答案
由于你不能将文件放在public_html目录中的任何地方,你必须去担心/ 通过隐匿安全 讨厌方法
Since you can't put the files anywhere but in your public_html directory, you'll have to go for the feared/hated "security by obscurity" method
-
创建一个随机命名子目录的文件存储在:的public_html / RANDOMGARBAGE
Create a randomly named sub-directory to store the files in: public_html/RANDOMGARBAGE
确保目录不可浏览。禁用目录浏览(如果可以),并在其中放置默认文档(index.html?),因此即使启用了浏览,您也无法获得目录列表。
Make sure the directory is not browseable. Disable directory browsing (if you can), and put a default document (index.html?) in there as well, so even if browsing is on, you won't get the directory listing.
请勿使用可猜测的名称存储文件。代替与数据库ID存储它们,将它们存储用盐腌+散列名称,而不是: $ crypted_filename = SHA1; (当然,如果你需要,这会使它更复杂)。将原始文件名存储在数据库中。所以,你最终的东西,如:
Don't store your files with guessable names. Instead of storing them with the database ID, store them with a salted+hashed name instead: $crypted_filename = sha1($real_filename . 'some hard-to-guess salt text'); (of course, make this more complex if you need to). Store the original filename in your database. So you end up with something like:
的public_html / RANDOMGARBAGE / 5bf1fd927dfb8679496a2e6cf00cbe50c1c87145
的public_html / RANDOMGARBAGE / 7ec1f0eb9119d48eb6a3176ca47380c6496304c8
经由PHP脚本即成了文件 - 从未链接到散列文件名直接
Serve up the files via a PHP script - never link to the hashed filename directly
下载
然后执行:
<?php
$fileID = (int)$_GET['fileID'];
$crypted_file = sha1($fileID . 'some hard-to-guess salt text');
$full_path = 'public_html/RANDOMGARBAGE/' . $crypted_file;
if (is_readable($full_path)) {
if(user_is_allowed_to_see_this_file()) {
/// send file to user with readfile()
header("Content-disposition: attachment; filename=$ORIGINAL_FILENAME");
readfile($full_path);
} else {
die("Permission denied");
}
} else {
/// handle problems here
die("Uh-oh. Can't find/read file");
}
这样用户永远不会看到你的s00per seekrit文件名是什么,他们只会看到他们的浏览器点击 ... php?fileID = 37 并开始下载 secret file.pdf
This way the user will never see what your "s00per seekrit" filename is, they'll just see their browser hit ...php?fileID=37 and start a download of secret file.pdf
除此之外,您可以偶尔将特殊子目录重命名为其他内容,以及更改salt文本(然后需要您使用新的sha1值更新所有散列文件名。)
On top of this, you can occasionally rename the special sub-directory to something else on a regular basis, as well as change the salt text (which then requires you update all the hashed filenames with the new sha1 values).
这篇关于限制文件访问 - 仅通过PHP读取的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
