Solved

Download only file permission

Posted on 2013-01-16
Last Modified: 2013-01-16
Hi,

I have designed a PHP app that allows users to log on and see a collection of documents. I have put the files on the server but am worried that putting a direct link to the files could allow users to modify them or whatever. I'm curious if it's possible to allow the files to only be downloaded once a user selects the link to the file.
Question by:M. Jayme Nagy
3 Comments
 

Assisted Solution

by:Kent Dyer
Kent Dyer earned 250 total points
ID: 38785507
Chmod 744 should do it.

If you go to 755, it is too much.

HTH,

Kent

Author Comment

by:M. Jayme Nagy
ID: 38785518
Nice!

Did not even think of that.

So if I restrict the permissions on the folder it should work?

What if I went lower to just allow read access, how about 444?

Accepted Solution

by:
Frosty555 earned 250 total points
ID: 38785563
The permissions for the folder are for the folder, not its contents, so if you are using Unix permissions you need to make sure you change the permissions of the file itself.

However, that said there are a few things you should know:

   1) If the user is accessing the file via a simple HTTP request using a direct URL, they can't modify the file. The HTTP protocol has no provisions to modify files on the server. Changing the chmod of the files only changes the ability for your PHP script itself to modify the files (or FTP, or WebDAV or Samba or some other process running on your server that accesses the server's filesystem).

   2) If you use a direct link to the file, ANYBODY with that URL can download the file, even with chmod 444 permissions.


If you are looking to restrict access to the file (e.g. only allow the user to download it if they are logged into your PHP app), then what you actually want to do is store the files on your server in a directory which is NOT web accessible (e.g. /var/myapp/somefile.zip, or at the very least put it in a directory that has password protection or a .htaccess denying access in Apache).

Then, create a PHP "downloader" script that acts as a middle-man between the user and their file. The user navigates to the downloader script, which authenticates and validates the user's request (forcing them to wait, login etc.) and then it streams the contents of the desired file to them using the readfile() function.

Simple example:

http://php.net/manual/en/function.readfile.php

You can use $_GET parameters to specify which file to download, but watch out to ensure users can't compromise your server by asking for files they shouldn't be allowed to see, like for example asking to download "/etc/passwd".

http://forums.thedailywtf.com/forums/p/10247/182665.aspx
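
The downloader described in the accepted answer, as an added example that is not part of the original thread: it requires a logged-in session, confines the `$_GET` file name to the storage directory so that requests such as `../../etc/passwd` are refused, and streams the file with readfile(). The storage path `/var/myapp` is taken from the answer; the script name, the `file` parameter, the `user_id` session key and the helper `resolve_download()` are assumptions.

```php
<?php
// download.php - added example; parameter name and session key are assumptions.
declare(strict_types=1);

const STORAGE_DIR = '/var/myapp';   // outside the web root, as the answer suggests

/**
 * Map a user-supplied name to a real file inside $baseDir.
 * Returns null if the file is missing or the request escapes the directory.
 */
function resolve_download(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() resolves "..", symlinks and duplicate slashes before we compare.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // The trailing separator stops /var/myapp-other from matching /var/myapp.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

session_start();
if (empty($_SESSION['user_id'])) {          // hypothetical key set by the login code
    http_response_code(403);
    exit('Login required');
}

$name = $_GET['file'] ?? null;              // may be an array if sent as file[]=...
$path = is_string($name) ? resolve_download(STORAGE_DIR, $name) : null;
if ($path === null) {
    http_response_code(404);                // same reply for "missing" and "not allowed"
    exit('Not found');
}

header('Content-Type: application/octet-stream');
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

A link in the app would then point at `download.php?file=somefile.zip` instead of at the file itself.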