Where do I securely store user uploaded files?

This site is best viewed in a modern browser with JavaScript enabled.

Where do I securely store user uploaded files?

Ntrimgs

I have an application where registered users will upload various files (.doc, .pdf) and I need them stored somewhere secure so somebody who isn't registered can't access them. Normally I've just had all file uploads to go a folder in the site root, but I'm thinking that probably isn't a good idea.

Any suggestions on how to make this more secure?

jayantgeek

yeah , well you can store the files on other server like

for example you have made the app on the domain www.example.com make another subdomain upload.example.com from where all the file validation , uploading and renaming will be done then transfer the file to another subdomain(storage server) like this any name which does not seem that it is saving the files users upload , probably upstor.example.com or any random number and remember to delete the original file from upload.example.com .... hope this is a nice idea and helps too ...

Ntrimgs

I don't think using another domain is going to be an option with this.

What about using a .htaccess file and putting that in the main folder where the files are stored? Would that work?

Or what about placing the folder outside of the root folder of the site? Would that prevent outsiders from grabbing the files but still allow the registered users to access them?

jayantgeek

Well initially I also thought of doing so but I felt that if a intrusor gets access to your main server (www.example.com) then he can easily access the .htaccess file and make the complete folder web accessible but he cant if you place the files on a separate server , that would take the files security one step further.
Thats why I advised to use a separate server.

Ntrimgs

So if we went the route of storing them on a separate server, do we get another domain name that points to that server? And how do you move the uploaded files to another server?

johhny-s

I would ignore the suggestion about using a completely different server for security reasons; if someone can hack one of your servers, they can hack the other one too, and you would have bigger problems than them stealing your files if that happened...

I would probably store the files outside of the web root, so that they're not even accessible directly over the web; then have a script that when accessed, validates that the person is logged in, and then transfers the file to them.

So your server side script (ie php/dotnet)

checks they're a valid user (ie by the standard user-is-logged-in check that you're doing else where on the site - checking the session or whatever)
sets the correct headers for the file type, eg Content-Type: application/octet-stream
reads the file from wherever it is on the server
outputs it to the user's browser

1b. if they're not a valid user, the connection is ended and they don't get the secure file.

this means that they only get the file if they're a valid, logged in user.

jayantgeek

@johhny-s

But if they can hack into your validation system which validates the user is logged in or not will get an easily access to the files.
but if we store the files on different server we can password protect directories which can only be bypassed by the app and we only check which user has logged in and select the particular file or files which he has uploaded .
Regards
Jayant
Please do Correct me if I am wrong any where.

criterion9

I would say if a user breaks into another users account by guessing the authentication details then their files would be compromised either way. There is not really a need to store the files on another server, just outside of the web root so users can't upload a file and then access it directly (especially if you are allowing all types of uploads) as a user could directly infect your server by uploading an executable script and then running it by pointing their browser to it.

jayantgeek

@criterion9

Thanks to you too , now can you please tell me how to save the user files outside web root using php , waiting for your response.

Jayant

criterion9

Either you store the files above the htdocs (or whatever your base folder is) or you can store them in a sub folder and block all access with htaccess. Then as described above you check authentication (or whatever you are validating) and then output the appropriate headers for the content type, read the file, then echo the contents.

Probably could search for a couple of different things for this, "htaccess deny access", "upload file to directory php", & "force download dialog php".