Hi,
I have a directory with files in it; the files are named based on an ID in a database table, which the directory is synchronized with using PHP.
The trouble with this method is anyone can simply type ...
1.zip
24.zip
They can download any file they want. Does anyone have any techniques for making a secure file download system?
Techniques for secure file upload / download
#2
Posted 08 May 2012 - 11:06 AM
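Just a quick thought, but you know who is logged in via Yii::app()->user->id. So you could add a method to your CWebUser class like

    // In your CWebUser subclass: the numeric part of the file name must match the logged-in user's ID
    public function isOwnerOfFile($filename)
    {
        return $this->id==(int)$filename;
    }

and in your controller

    public function actionDownload($filename)
    {
        // isOwnerOfFile() lives on the user component, not on the controller
        if(!Yii::app()->user->isOwnerOfFile($filename))
            throw new CHttpException(403,'Not allowed');
        // Ownership confirmed: send the file from here
    }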
codecrumbs.at
My extensions:
ActiveResource for Yii - the RESTful equivalent to ActiveRecord | Neo4Yii - wrapper for the Neo4j graph database | EPhpThumb - a simple, lightweight wrapper for the phpThumb library
Get social:
Circle me on Google Plus
Follow me on Twitter
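An added example, not code from the thread or from either poster: a Yii 1.1 download action that takes the owner from the database row the file is named after, and serves the file through PHP so that a guessed URL such as 24.zip reaches nothing. It assumes a hypothetical `File` ActiveRecord model with `id`, `user_id` and `original_name` columns, and that the files have been moved out of the web root to `protected/data/files/<id>.zip`.

```php
<?php
// Added example. Hypothetical names: the File model, its user_id and
// original_name columns, and the protected/data/files storage directory.
class FileController extends CController
{
    public function filters()
    {
        return array('accessControl');
    }

    public function accessRules()
    {
        return array(
            // '@' = authenticated users only; everyone else is denied
            array('allow', 'actions' => array('download'), 'users' => array('@')),
            array('deny', 'users' => array('*')),
        );
    }

    public function actionDownload($id)
    {
        // Accept only a plain decimal ID, so the value can never carry
        // path separators or "../" into the path built below.
        if (!ctype_digit((string)$id))
            throw new CHttpException(400, 'Invalid request');

        $file = File::model()->findByPk((int)$id);

        // Ownership comes from the database row, not from the file name.
        // Missing and foreign files get the same 404, so the response
        // does not reveal which IDs exist.
        if ($file === null || (int)$file->user_id !== (int)Yii::app()->user->id)
            throw new CHttpException(404, 'File not found');

        $path = Yii::getPathOfAlias('application.data.files')
            . DIRECTORY_SEPARATOR . $file->id . '.zip';
        if (!is_file($path))
            throw new CHttpException(404, 'File not found');

        // Stream through PHP; the browser never learns the storage path.
        Yii::app()->request->sendFile(
            basename($file->original_name),
            file_get_contents($path),
            'application/zip'
        );
    }
}
```

The check only holds if the storage directory cannot be requested directly; if the files stay under the web root, the server must deny direct access to that directory.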













