Best way to secure a directory?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

andylyon87
Forum Contributor
Posts: 168
Joined: Sat Jan 31, 2004 5:31 am
Location: Dundee

Best way to secure a directory?

Post by andylyon87 »

Hi guys

I am looking to provide a secure area where my Dad will be able to upload his business files to my hosting as a backup utility.

Is there a way of doing this? I noticed that a lot of companies offer this. Surely this is pretty simple with the right tools.

Would placing them in htaccess restricting directories below the root be the best way? Or are there scripts that would improve the security?

Thanks in advance
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Best way to secure a directory?

Post by Christopher »

HTTP authentication would probably be fine for this application. Better would be to find a file upload/browser script and store the files outside of your public HTML directory.
(#10850)
daedalus__
DevNet Resident
Posts: 1925
Joined: Thu Feb 09, 2006 4:52 pm

Re: Best way to secure a directory?

Post by daedalus__ »

do you have to use a website to do this? there are other ways. i'd say go for it but business information is so sensitive.
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Re: Best way to secure a directory?

Post by alex.barylski »

Are you on a shared host...

Storing files outside of document root is best but then he would need SSH or FTP to get to them (preferably SSH). If you're on a shared host, you would probably want to set the permissions to something like CHMOD 700 so only the owner has read-write access (I may have written that down wrong -- double check).

Encryption is one last layer of security I can think of that would provide a bit of extra comfort.
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Best way to secure a directory?

Post by kaisellgren »

PCSpectra wrote: Storing files outside of document root is best but then he would need SSH or FTP to get to them
Why couldn't he upload and download files with PHP?
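
Added example (not posted by anyone in this thread): a minimal PHP download script of the kind discussed above, serving files kept outside the document root behind HTTP authentication. The directory path, user name and password-hash placeholder are assumptions, and the script assumes it is reached over HTTPS and that the server passes Basic credentials to PHP.

```php
<?php
declare(strict_types=1);
// Added example. BACKUP_DIR, AUTH_USER and AUTH_HASH are assumed values.
// BACKUP_DIR sits beside public_html, so no URL maps to it directly.
const BACKUP_DIR = '/home/example/backups';
const AUTH_USER  = 'dad';
// Placeholder: replace with the output of password_hash('...', PASSWORD_DEFAULT).
const AUTH_HASH  = '$2y$10$REPLACE_WITH_REAL_HASH';

// Map a requested name to a regular file directly inside $baseDir, or null.
function resolveBackupPath(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '') {
        return null;
    }
    // basename() discards directory parts such as "../"; realpath() then
    // resolves symlinks so the containment check sees the real location.
    $path = realpath($base . DIRECTORY_SEPARATOR . basename($requested));
    if ($path === false || !is_file($path)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// HTTP Basic credentials; only meaningful over HTTPS.
function isAuthenticated(): bool
{
    $user = $_SERVER['PHP_AUTH_USER'] ?? '';
    $pass = $_SERVER['PHP_AUTH_PW'] ?? '';
    return hash_equals(AUTH_USER, $user) && password_verify($pass, AUTH_HASH);
}

if (!isAuthenticated()) {
    header('WWW-Authenticate: Basic realm="Backups"');
    http_response_code(401);
    exit('Authentication required');
}
$name = $_GET['file'] ?? '';
$path = is_string($name) ? resolveBackupPath(BACKUP_DIR, $name) : null;
if ($path === null) {
    http_response_code(404);
    exit('Not found');
}
header('Content-Type: application/octet-stream');
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
header('X-Content-Type-Options: nosniff');
header('Content-Length: ' . filesize($path));
readfile($path);
```

The script only ever reads from the one directory, so uploads can still arrive by another channel while this stays a read-only interface.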
andylyon87
Forum Contributor
Posts: 168
Joined: Sat Jan 31, 2004 5:31 am
Location: Dundee

Re: Best way to secure a directory?

Post by andylyon87 »

Basically the file upload is going to be automatic from a program I gave him to back up to a HDD, but I am concerned that portable HDDs aren't always reliable as they are liable to the odd knock. Anyway, to cut a long story short, I thought if I could offer this second option it would make it much better for his documents.

The site will simply allow him to download documents that exist on the site, it will also allow him to view files that are backed up.

I am on shared hosting, it will be contract information and invoice info that will be stored. Will this be ok if it is below document root?

Your help has been great so far, thanks
andylyon87
Forum Contributor
Posts: 168
Joined: Sat Jan 31, 2004 5:31 am
Location: Dundee

Re: Best way to secure a directory?

Post by andylyon87 »

daedalus__ wrote: do you have to use a website to do this? there are other ways. i'd say go for it but business information is so sensitive.
Doesn't have to be a website, just can't think of a way that would be easily backed up. He already uses removable disks but I just thought this is more reliable.
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Best way to secure a directory?

Post by kaisellgren »

andylyon87 wrote: doesn't have to be a website
Using SFTP? Setting the default remote path to a non-web accessible directory and then you can just connect and drag 'n drop files with a secure connection.
andylyon87
Forum Contributor
Posts: 168
Joined: Sat Jan 31, 2004 5:31 am
Location: Dundee

Re: Best way to secure a directory?

Post by andylyon87 »

The upload will likely be done using SFTP, it would just be really useful if the thing had an interface.

Thanks for your help guys, it's been great info.
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: Best way to secure a directory?

Post by Benjamin »

How much is the information you are storing worth?
daedalus__
DevNet Resident
Posts: 1925
Joined: Thu Feb 09, 2006 4:52 pm

Re: Best way to secure a directory?

Post by daedalus__ »

yeah i was thinking what kai said use an ftp

it's more than likely that the interface in an ftp client is going to be similar and more robust than your web application.
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Best way to secure a directory?

Post by kaisellgren »

I was actually talking about SFTP. It's a different protocol.
daedalus__
DevNet Resident
Posts: 1925
Joined: Thu Feb 09, 2006 4:52 pm

Re: Best way to secure a directory?

Post by daedalus__ »

my bad. i get them confused. but there are still sftp servers and client software
andylyon87
Forum Contributor
Posts: 168
Joined: Sat Jan 31, 2004 5:31 am
Location: Dundee

Re: Best way to secure a directory?

Post by andylyon87 »

The data will be backups of databases of basic testing data.

The other things will probs include invoices.

Is it better for me to scrap this idea? Just get a portable hdd and upload to below the root once a month for example!