
File Security

steva asked:
I have a directory in my web space with images that I sell. PHP code validates payment through PayPal and then delivers the purchased image as an email attachment to the buyer. My concern is someone gaining access directly to the folder of images and downloading everything.

I can give the folder an unguessable name so no one can enter

                          www.mysite/unguessablefolder/image.jpg.

But if someone got a hold of the PHP code they would see there the unguessable name.  My understanding, though, is that Apache won't serve up any .php files so even if they knew the php file they needed was "fulfillorder.php" they couldn't get it from the server.  

Am I thinking straight here or is there something else I should be doing to protect the images?

Thanks for any ideas.
Steve


Commented:
Not sure which web server you're using. Just in case it's Apache, you may consider customizing httpd.conf to protect access to the image folder. But maybe you need to keep two sets of image folders: one with a watermark for showing on the web, and one without for sending by mail.

<Directory /usr/local/httpd>
Order Deny,Allow
Deny from all
Allow from xxxx
</Directory>

Reference:
http://httpd.apache.org/docs/current/misc/security_tips.html

Author

Commented:
Sorry.   I posted to the Apache zone so assumed Apache would be understood.  But yes, Apache.  I don't have access to the server, though.  As someone just having their site hosted by someone who's using an Apache server, do I have access to httpd.conf?

Thanks
BRONZE EXPERT
Commented:
What I would do is password protect the folder with .htaccess (see attached) in the unguessablefolder.

Then, when somebody buys an image, you generate a random username and password, which you then fopen() with PHP in append mode, and put into the referenced .htpasswd file in the format "user:encryptedpass" (you can encrypt the password using the crypt() function).

If you're smart, you make the username something like YYYYMMDD (today's date in that format) and then you can have a script automatically purge old entries so that the username/password is only good for a certain length of time. You would not need any access to the server httpd.conf to accomplish this.


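# /path/to/unguessablefolder/.htaccess
# The auth directives are not wrapped in <Limit GET>: inside that wrapper they
# apply to GET only, and requests using any other method skip authentication.
AuthUserFile /parent/directory/of/your/web/root/.htpasswd
AuthName "Enter Username and Password"
AuthType Basic
# Host-based access stays open; the password check below is what protects the folder
Order deny,allow
Allow from all
Require valid-user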
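
A sketch of the .htpasswd bookkeeping described in this answer, added here as an example and not code from the original poster. The function names and the temp-file demo are hypothetical; it uses password_hash() bcrypt in place of crypt() and a locked file_put_contents() append in place of a bare fopen(), and assumes Apache 2.4+, which accepts `$2y$` hashes.

```php
<?php
// Added example; function names and paths are hypothetical.
// Assumes Apache 2.4+, which accepts bcrypt ($2y$) hashes in .htpasswd.

function add_buyer(string $htpasswd, int $now): array
{
    // Date prefix allows purging by age; the random suffix keeps names unique.
    $user = date('Ymd', $now) . '_' . bin2hex(random_bytes(4));
    $pass = bin2hex(random_bytes(12));          // from the CSPRNG, not rand()
    $line = $user . ':' . password_hash($pass, PASSWORD_BCRYPT) . "\n";

    // LOCK_EX stops two simultaneous orders from interleaving their writes.
    if (file_put_contents($htpasswd, $line, FILE_APPEND | LOCK_EX) === false) {
        throw new RuntimeException('cannot write htpasswd file');
    }
    return [$user, $pass];                      // shown to the buyer once
}

function purge_old(string $htpasswd, int $maxAgeDays, int $now): int
{
    $fh = fopen($htpasswd, 'c+');
    if ($fh === false || !flock($fh, LOCK_EX)) {
        throw new RuntimeException('cannot lock htpasswd file');
    }
    $cutoff = date('Ymd', $now - $maxAgeDays * 86400);
    $keep = [];
    $dropped = 0;
    while (($line = fgets($fh)) !== false) {
        // Only touch entries in our own YYYYMMDD_suffix format.
        if (preg_match('/^(\d{8})_[0-9a-f]+:/', $line, $m) && $m[1] < $cutoff) {
            $dropped++;
            continue;
        }
        $keep[] = $line;
    }
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, implode('', $keep));
    flock($fh, LOCK_UN);
    fclose($fh);
    return $dropped;
}

// Constructed demo against a temp file: one stale entry, one new buyer.
$file = tempnam(sys_get_temp_dir(), 'htp');
file_put_contents($file, "20111001_deadbeef:\$2y\$10\$constructedhashvalue\n");
[$user, $pass] = add_buyer($file, strtotime('2011-11-03'));
echo "user=$user purged=", purge_old($file, 7, strtotime('2011-11-03')), "\n";
unlink($file);
```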


Author

Commented:
Hi xterm. Good to see you again.

This is a bit new to me so let me make sure I understand what you're saying.

You're suggesting that when I get an order I generate a random username and password for this person, let's say user = “20111103_abcd” and pass = “efgh”. Then I fopen() with append the .htpasswd file and write 20111103_abcd:efgh_encrypted at the end of the file. Placing lines 1-10 above then in a .htaccess file in the unguessablefolder will cause an access to the folder to prompt for and automatically check username/password. Is that it?

One thing that isn't clear is what I deliver to fulfill the order.

Thanks for your help.
BRONZE EXPERT

Commented:
Yes, you've got it exactly.

What you can do then is pop up an untitled window to the URL http://myserver/unguessablefolder/foo.image, which will then give the user a dialog that says "Enter username and password", which will need to match what you just inserted into .htpasswd.

They will enter it, and then it will either open or prompt the user to save the image depending on what they have their browser set to do with that image type.

Even if somehow they stumble upon the name of unguessablefolder, it won't be of any use without a password.

Furthermore, I would say to you, just put an empty index.html in the images directory so that even if they DID find the folder and browse to it authenticated, they won't see the files in it.

Author

Commented:
When you say "pop up an untitled window to the URL http://myserver/unguessablefolder/foo.image" what are you thinking of?  I can do this with JavaScript but we're operating at the server here in PHP.

And it looks like I need to echo the username/password to  them so they know what to enter, right?
BRONZE EXPERT

Commented:
I was thinking JavaScript window.open mixed into your PHP, yes, but you can do it any number of ways.

Yes, you'll need to give them their username/password.  I was thinking they see that, with a link or button underneath which when clicked will feed them their image.

Author

Commented:
Ok.  Thanks for all your help.  I won't keep you any longer.  I gave you the points.

One thing about the JavaScript window.open, though, is that it's impossible, I believe, to hide the path that appears in the address bar of the window.  Browsers force this to prevent phishing, so the path to the secret folder would be visible.  And to be honest, I can't think right now of a way to pop up a window on the user's screen using just PHP.  But I can dig this out.

Thanks again for your help.
BRONZE EXPERT

Commented:
You may be right - what you COULD do though, is simply fopen() the image within your code, pump it into a variable, and then echo the content-type header for whatever image type it is, and toss it at the browser.  Then the URL would just show the PHP page serving it.

I hope I've given you lots of ideas for how to skin this cat though!
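
One way to build the PHP-served download suggested in this comment, as an added example that is not part of the original thread. IMAGE_DIR, LINK_SECRET and the f/e/s parameter names are hypothetical; it assumes the images are moved outside the web root and that the link is issued only after the PayPal check succeeds.

```php
<?php
// Added example; IMAGE_DIR, LINK_SECRET and the parameter names are hypothetical.
const IMAGE_DIR   = '/home/example/private_images';  // outside the web root
const LINK_SECRET = 'replace-with-a-long-random-secret';

// Called after payment is verified: returns the query string for the buyer's link.
function sign_link(string $file, int $expires): string
{
    $sig = hash_hmac('sha256', $file . '|' . $expires, LINK_SECRET);
    return http_build_query(['f' => $file, 'e' => $expires, 's' => $sig]);
}

// Returns the absolute path to serve, or null if the request must be refused.
function resolve_download(array $q, int $now): ?string
{
    $file = (string)($q['f'] ?? '');
    $exp  = (int)($q['e'] ?? 0);
    $sig  = (string)($q['s'] ?? '');

    $expected = hash_hmac('sha256', $file . '|' . $exp, LINK_SECRET);
    if (!hash_equals($expected, $sig) || $exp < $now) {
        return null;                         // forged, altered or expired link
    }
    // Defence in depth: the resolved path must stay inside IMAGE_DIR.
    $path = realpath(IMAGE_DIR . '/' . basename($file));
    $base = realpath(IMAGE_DIR);
    if ($path === false || $base === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

if (PHP_SAPI !== 'cli') {
    $path = resolve_download($_GET, time());
    if ($path === null) {
        http_response_code(403);
        exit;
    }
    header('Content-Type: ' . (mime_content_type($path) ?: 'application/octet-stream'));
    header('Content-Length: ' . filesize($path));
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('X-Content-Type-Options: nosniff');
    readfile($path);                         // streams without loading into a variable
}
```

With the files outside the web root, no URL maps to the image folder at all, so neither the folder name nor a browser address bar can expose it.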

Author

Commented:
Yes!  Thank you.
