Best way to secure a directory?
Moderator: General Moderators
-
andylyon87
- Forum Contributor
- Posts: 168
- Joined: Sat Jan 31, 2004 5:31 am
- Location: Dundee
Best way to secure a directory?
Hi guys
I am looking to provide a secure area where my Dad will be able to upload his business files to my hosting as a backup utility.
Is there a way of doing this, I noticed that a lot of companies offer this. Surely this is pretty simple with the right tools.
Would placing them in htaccess restricting directories below the root be the best way? or are there scripts that would improve the security?
Thanks in advance
I am looking to provide a secure area where my Dad will be able to upload his business files to my hosting as a backup utility.
Is there a way of doing this, I noticed that a lot of companies offer this. Surely this is pretty simple with the right tools.
Would placing them in htaccess restricting directories below the root be the best way? or are there scripts that would improve the security?
Thanks in advance
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: Best way to secure a directory?
HTTP authentication would probably be fine for this application. Better would be to find a file upload/browser script and store the files outside of your public HTML directory.
(#10850)
- daedalus__
- DevNet Resident
- Posts: 1925
- Joined: Thu Feb 09, 2006 4:52 pm
Re: Best way to secure a directory?
do you have to use a website to do this? there are other ways. i'd say go for it but business information is so sensitive.
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
Re: Best way to secure a directory?
On you on a shared host...
Storing files outside of document root is best but then he would need SSh or FTP to get to them (preferably SSH). If your on a shared host, you would proably want to set the permissions to something like CHMOD 700 soonly the owner has read-write access (I may have wrote that down wrong -- double check).
Encryption is one last layer of security I can think that would provide a bit of extra comfort.
Storing files outside of document root is best but then he would need SSh or FTP to get to them (preferably SSH). If your on a shared host, you would proably want to set the permissions to something like CHMOD 700 soonly the owner has read-write access (I may have wrote that down wrong -- double check).
Encryption is one last layer of security I can think that would provide a bit of extra comfort.
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: Best way to secure a directory?
Why couldn't he upload and download files with PHP?PCSpectra wrote:Storing files outside of document root is best but then he would need SSh or FTP to get to them
-
andylyon87
- Forum Contributor
- Posts: 168
- Joined: Sat Jan 31, 2004 5:31 am
- Location: Dundee
Re: Best way to secure a directory?
basically the file upload is going to be automatic from a program I gave him to backup to a hdd, but I am concerned that portable hdd arent always reliable as they are liable to the odd knock. Anyway cut a long story short I thought if I could offer this second option it would make it much better for his documents.
The site will simply allow him to download documents that exist on the site, it will also allow him to view files that are backed up.
I am on shared hosting, it will be contract information and invoice info that will be stored. Will this be ok if it is below document root?
Your help has been great so far thanks
The site will simply allow him to download documents that exist on the site, it will also allow him to view files that are backed up.
I am on shared hosting, it will be contract information and invoice info that will be stored. Will this be ok if it is below document root?
Your help has been great so far thanks
-
andylyon87
- Forum Contributor
- Posts: 168
- Joined: Sat Jan 31, 2004 5:31 am
- Location: Dundee
Re: Best way to secure a directory?
doesn't have to be a website, just cant think of a way that would be easily backed up. He already uses removable disks but I just thought this is more reliable.daedalus__ wrote:do you have to use a website to do this? there are other ways. i'd say go for it but business information is so sensitive.
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: Best way to secure a directory?
Using SFTP? Setting the default remote path to a non-web accessible directory and then you can just connect and drag 'n drop files with a secure connection.andylyon87 wrote:doesn't have to be a website
-
andylyon87
- Forum Contributor
- Posts: 168
- Joined: Sat Jan 31, 2004 5:31 am
- Location: Dundee
Re: Best way to secure a directory?
The upload will likely be done using sftp, it would just be really useful if the thing had an interface
Thanks for your help guys its been great info.
Thanks for your help guys its been great info.
Re: Best way to secure a directory?
How much is the information you are storing worth?
- daedalus__
- DevNet Resident
- Posts: 1925
- Joined: Thu Feb 09, 2006 4:52 pm
Re: Best way to secure a directory?
yeah i was thinking what kai said use an ftp
its more than likely that the interface in an ftp client is going to be similar and more robust than your web application.
its more than likely that the interface in an ftp client is going to be similar and more robust than your web application.
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: Best way to secure a directory?
I was actually talking about SFTP. It's a different protocol.
- daedalus__
- DevNet Resident
- Posts: 1925
- Joined: Thu Feb 09, 2006 4:52 pm
Re: Best way to secure a directory?
my bad. i get them confused. but there are still sftp servers and client softwar
-
andylyon87
- Forum Contributor
- Posts: 168
- Joined: Sat Jan 31, 2004 5:31 am
- Location: Dundee
Re: Best way to secure a directory?
The data will be backups of databases of basic testing data.
The other things will probs include invoices.
Is it better for me to scrap this idea? Just get a portable hdd and upload to below the root once a month for example!
The other things will probs include invoices.
Is it better for me to scrap this idea? Just get a portable hdd and upload to below the root once a month for example!