Secure client file

Hi All

I am fairly new to Yii, so sorry if this is not a stupid question. I am creating a site where different users can log in and create or upload files, and the user can only access their own files. However, what is the best way to secure these files?

From my understanding I can’t put them in /protected, as it’s not a good practice, and yet I don’t want to put them in public folders and have them potentially become accessible by anyone else.

What is the best way to do this? (I know I could use random strings as file names, but there’s got to be a better and secure way.)

Thanks in advance.

Jason

store in database…

or

make separate folders using userid or username etc.

@Rajith R - please stop recommending the database for storing files, it’s a bad idea overall.

@jasocl - store them in your /protected folder, where these cannot be directly accessed via URL.

Then in the database, have a relation between the users and their files. Next, based on the relation, create a "download" controller that will check if the user is allowed to download that file or not. If he is allowed, just find the file in the protected folder, read it (http://php.net/readfile see example #1), append the correct headers to it for download, and let the user download it.

Hi Mate!! Cheers, that’s a great idea. Database is definitely a slow and costly option. I will look up “readfile” and do as suggested. Thanks again!!!
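The "download" controller described in the answer above, as an added example that is not part of the original thread. It assumes Yii 1.x, a hypothetical `UserFile` ActiveRecord model (columns `id`, `user_id`, `stored_name`, `original_name`) and a hypothetical storage directory `protected/uploads/`.

```php
<?php
// Added example, not from the thread. UserFile and protected/uploads/ are
// hypothetical names; stored_name is assumed to be generated at upload time.
class DownloadController extends CController
{
    public function filters()
    {
        return array('accessControl');
    }

    public function accessRules()
    {
        return array(
            array('allow', 'users' => array('@')), // logged-in users only
            array('deny', 'users' => array('*')),
        );
    }

    public function actionFile($id)
    {
        // Look the row up by id AND owner, so requesting another user's id
        // gives the same 404 as a file that does not exist.
        $file = UserFile::model()->findByAttributes(array(
            'id' => (int) $id,
            'user_id' => Yii::app()->user->id,
        ));
        if ($file === null) {
            throw new CHttpException(404, 'File not found.');
        }

        // The path comes from the database row, never from the request;
        // basename() is a second guard against traversal from a bad row.
        $path = Yii::getPathOfAlias('application.uploads')
            . DIRECTORY_SEPARATOR . basename($file->stored_name);
        if (!is_file($path)) {
            throw new CHttpException(404, 'File not found.');
        }

        // Replace characters that could break the Content-Disposition header.
        $name = preg_replace('/[^A-Za-z0-9._-]/', '_', $file->original_name);

        header('Content-Type: application/octet-stream');
        header('Content-Disposition: attachment; filename="' . $name . '"');
        header('Content-Length: ' . filesize($path));
        header('X-Content-Type-Options: nosniff');
        readfile($path);
        Yii::app()->end();
    }
}
```

The ownership check lives in the query itself, so there is no code path that loads a file row before confirming it belongs to the current user.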