Page 1 of 1

Best way to secure a directory?

Posted: Wed Dec 16, 2009 4:28 pm
by andylyon87
Hi guys

I am looking to provide a secure area where my Dad will be able to upload his business files to my hosting as a backup utility.

Is there a way of doing this, I noticed that a lot of companies offer this. Surely this is pretty simple with the right tools.

Would placing them in htaccess restricting directories below the root be the best way? or are there scripts that would improve the security?

Thanks in advance

Re: Best way to secure a directory?

Posted: Wed Dec 16, 2009 6:10 pm
by Christopher
HTTP authentication would probably be fine for this application. Better would be to find a file upload/browser script and store the files outside of your public HTML directory.

Re: Best way to secure a directory?

Posted: Wed Dec 16, 2009 8:16 pm
by daedalus__
do you have to use a website to do this? there are other ways. i'd say go for it but business information is so sensitive.

Re: Best way to secure a directory?

Posted: Thu Dec 17, 2009 1:01 am
by alex.barylski
On you on a shared host...

Storing files outside of document root is best but then he would need SSh or FTP to get to them (preferably SSH). If your on a shared host, you would proably want to set the permissions to something like CHMOD 700 soonly the owner has read-write access (I may have wrote that down wrong -- double check).

Encryption is one last layer of security I can think that would provide a bit of extra comfort.

Re: Best way to secure a directory?

Posted: Thu Dec 17, 2009 1:29 am
by kaisellgren
PCSpectra wrote:Storing files outside of document root is best but then he would need SSh or FTP to get to them
Why couldn't he upload and download files with PHP?

Re: Best way to secure a directory?

Posted: Thu Dec 17, 2009 1:14 pm
by andylyon87
basically the file upload is going to be automatic from a program I gave him to backup to a hdd, but I am concerned that portable hdd arent always reliable as they are liable to the odd knock. Anyway cut a long story short I thought if I could offer this second option it would make it much better for his documents.

The site will simply allow him to download documents that exist on the site, it will also allow him to view files that are backed up.

I am on shared hosting, it will be contract information and invoice info that will be stored. Will this be ok if it is below document root?

Your help has been great so far thanks

Re: Best way to secure a directory?

Posted: Thu Dec 17, 2009 1:17 pm
by andylyon87
daedalus__ wrote:do you have to use a website to do this? there are other ways. i'd say go for it but business information is so sensitive.
doesn't have to be a website, just cant think of a way that would be easily backed up. He already uses removable disks but I just thought this is more reliable.

Re: Best way to secure a directory?

Posted: Fri Dec 18, 2009 12:41 am
by kaisellgren
andylyon87 wrote:doesn't have to be a website
Using SFTP? Setting the default remote path to a non-web accessible directory and then you can just connect and drag 'n drop files with a secure connection.

Re: Best way to secure a directory?

Posted: Fri Dec 18, 2009 3:51 am
by andylyon87
The upload will likely be done using sftp, it would just be really useful if the thing had an interface

Thanks for your help guys its been great info.

Re: Best way to secure a directory?

Posted: Sun Dec 20, 2009 10:11 pm
by Benjamin
How much is the information you are storing worth?

Re: Best way to secure a directory?

Posted: Sun Dec 20, 2009 10:14 pm
by daedalus__
yeah i was thinking what kai said use an ftp

its more than likely that the interface in an ftp client is going to be similar and more robust than your web application.

Re: Best way to secure a directory?

Posted: Mon Dec 21, 2009 12:33 am
by kaisellgren
I was actually talking about SFTP. It's a different protocol.

Re: Best way to secure a directory?

Posted: Mon Dec 21, 2009 12:56 am
by daedalus__
my bad. i get them confused. but there are still sftp servers and client softwar

Re: Best way to secure a directory?

Posted: Tue Dec 22, 2009 12:36 pm
by andylyon87
The data will be backups of databases of basic testing data.

The other things will probs include invoices.

Is it better for me to scrap this idea? Just get a portable hdd and upload to below the root once a month for example!