Uploading/download files safetly?
Posted: Mon Oct 17, 2005 7:51 pm
So, say I am running PHP5 as an apache module under apache2.
I want users to be able to upload files to a directory, and also to be able to download files from that directory, but I only want them to be able to do either using a PHP script. In particular, I do not want users to be able to just enter a URL to download the file. The naive approach is to restrict the permissions on the folder so that apache cannot read from it, but then PHP cannot seem to access it either.
I assume this is a common enough problem, but I am am having trouble searching for results because the search terms (download, file, upload, php, etc.) are too general.
Any advice will be appreciated.
I want users to be able to upload files to a directory, and also to be able to download files from that directory, but I only want them to be able to do either using a PHP script. In particular, I do not want users to be able to just enter a URL to download the file. The naive approach is to restrict the permissions on the folder so that apache cannot read from it, but then PHP cannot seem to access it either.
I assume this is a common enough problem, but I am am having trouble searching for results because the search terms (download, file, upload, php, etc.) are too general.
Any advice will be appreciated.