<div>
<div class="content wysiwyg-content">
Hi<br />
<br />
I have completed a php form when once submitted it writes a json file to the &quot;files/&quot; folder, and the user can create a PDF file by clicking on the link (see code below)<br />
I am concerned about security as the JSON files saved in the &quot;files/&quot; folder will contain sensitive information on the server.<br />
<br />
Can anyone advise the best practice to manage/improve this situation?<br />
Hope this makes sense :)<br />
<br />

<pre><code id="code-10-29009493-1"> &lt;!-- Print Receipt to PDF, Write Form Values to JSON file and Create PDf on the Fly when link is clicked --&gt;
&lt;?php
$arr = ['pfn' =&gt; $pfirstname, 'pln' =&gt; $plastname, 'pa1' =&gt; $paddress1, 'pa2' =&gt; $paddress2, 'ptv' =&gt; $ptownvillage, 'pec' =&gt; $postcode, 'amo' =&gt; $amount];
$temp_name = uniqid(rand(), true) . '.json';
file_put_contents('/var/www/MyWebsite/files/' . $temp_name, json_encode($arr));        
?&gt;        
&lt;?php echo '&lt;a href=&quot;https://mywebsite/pdf.php?q=files/' . $temp_name . '&quot; target=&quot;_blank&quot;&gt;Download PDF&lt;/a&gt;'; ?&gt;</code></pre>
</div>
</div>


Hi

I have completed a php form when once submitted it writes a json file to the "files/" folder, and the user can create a PDF file by clicking on the link (see code below)
I am concerned about security as the JSON files saved in the "files/" folder will contain sensitive information on the server.

Can anyone advise the best practice to manage/improve this situation?
Hope this makes sense :)

(CODE)

Create PDF from JSON File - Security Issue

A Portable Document Format (PDF) is a file format consisting of an electronic image resembling a printed document and can be viewed, printed, and electronically transmitted. PDF files can store various types of data, including formatted text, vector graphics, and raster images. The page layout defines the location, size, and shape of each page and each item on the page. The information looks the same no matter what device or program is used to open it.

JavaScript Object Notation, or JSON, is human-readable text used when transmitting data objects consisting of attribute:value pairs between a server and a web application as an alternative to XML. JSON, while it is originally derived from JavaScript, is a language-independent data format. Code for parsing and generating JSON data is available in many programming languages.

JSON

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Security

PHP is a widely-used server-side scripting language especially suited for web development, powering tens of millions of sites from Facebook to personal WordPress blogs. PHP is often paired with the MySQL relational database, but includes support for most other mainstream databases. By utilizing different Server APIs, PHP can work on many different web servers as a server-side scripting language.