How to secure a directory



Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK


Post by Ollie Saunders »

I'm in the middle of quite a large project which allows my client to:
  • create their own questionnaires (web forms)
  • have people fill them in
  • view the responses to the questionnaires in a report
  • reports contain graphs which are images, most likely PNGs
What I'm going to implement is a feature where a report is generated by taking a "snapshot" of the responses so far. So under any single report can be a number of snapshots. Fine. I have two reasons for using this snapshot idea:
  • This way you won't have to wait around while the server generates a report. You only wait when creating a new snapshot. Graphs and report data that normally have to be dynamically generated can be cached.
  • my client will be able to take several snapshots and see how the responses change over time.
Now my problem is that reports have to be private. They should only be accessible via an administrator password, that is hard coded into the application, and a guest password that will be stored in database, specific to each report (not to each snapshot).

To achieve this I thought that each snapshot would actually be a PHP file prefixed with security checking code at the top and containing the report itself below, which is only shown if the user is correct (I've done all this stuff before for the system extranet). This way I can secure the report file itself. But that leaves the issue of the images (graphs) that the report uses. It would still be possible just to request these with the correct URL.

Basically the graphs for a snapshot have to be made private to the PHP file that shows that snapshot. So the only solutions I can think of for this problem are:
  • store the images as a BLOB in the database
    This is not that desirable because there is a performance overhead doing this (which is one of the main reasons for having snapshots in the first place) and also it's quite complicated to do. But it would secure the application, so in that sense it would WORK.
  • secure the folder with apache htaccess rules
    I know you can restrict image downloads to certain referer URLs but that can be spoofed. Could I use HTTP authentication for this? Of course then PHP would have to do the authentication automatically. My knowledge on Apache is limited.
  • Image filename (and thus URL) obfuscating / tokening
    Not really that secure, or is it? I suppose I could store tokens for each image in the database. Thoughts?
  • Storing images outside of document root
    Would like to avoid this if possible
Basically I'm not sure what to go for or if there are any other better ideas out there. Ultimately I'm on a tight deadline here so I need something that doesn't take too long to implement and certainly doesn't require me to learn something new.

I'd appreciate any help you can provide, so thanks in advance.

ole
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

The last three are often used, sometimes in combination, sometimes not so much the last one (as a lot of hosts apparently don't allow read access outside the document root)

I generally do the middle two.
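The combination feyd describes (Apache blocks direct access to the graph directory, PHP hands out the images through a gatekeeper script keyed by a per-snapshot token), as an added example written for this thread rather than code from either poster. It assumes the graphs sit outside the document root (or in a directory whose .htaccess says `Deny from all`, `Require all denied` on Apache 2.4), that the report login elsewhere has already put `report_id` in the session, and that a `snapshots` table with a random `token` column was filled when the snapshot was taken; all names and the DSN are hypothetical.

```php
<?php
// graph.php?snapshot=<token>&file=<name>.png
// Gatekeeper for snapshot graphs. Apache never serves $graphRoot directly;
// every image request passes through the same checks as the report page.
session_start();

$graphRoot = '/var/www/private/graphs';   // assumed path, outside DOCUMENT_ROOT

// 1. The visitor must already have passed the admin/guest password check
//    for a report; that check is assumed to store the report id in the session.
if (empty($_SESSION['report_id'])) {
    header('HTTP/1.0 403 Forbidden');
    exit;
}

// 2. Accept only the exact shapes we expect: a 32-hex-char token (as produced
//    by bin2hex(random_bytes(16)) when the snapshot was created) and a plain
//    PNG file name. Anything else, including "../", is rejected outright.
$token = isset($_GET['snapshot']) ? $_GET['snapshot'] : '';
$file  = isset($_GET['file']) ? $_GET['file'] : '';
if (!preg_match('/^[a-f0-9]{32}$/', $token) || !preg_match('/^[a-z0-9_-]+\.png$/', $file)) {
    header('HTTP/1.0 400 Bad Request');
    exit;
}

// 3. The token must belong to a snapshot of the report this session is
//    authorised for, so a guest of report A cannot fetch report B's graphs.
$db = new PDO('mysql:host=localhost;dbname=reports', 'reports_user', 'secret'); // assumed DSN
$stmt = $db->prepare('SELECT id FROM snapshots WHERE token = ? AND report_id = ?');
$stmt->execute(array($token, $_SESSION['report_id']));
if ($stmt->fetchColumn() === false) {
    header('HTTP/1.0 404 Not Found');
    exit;
}

// 4. Resolve the real path and confirm it is still inside that snapshot's
//    directory before reading anything from disk.
$dir  = "$graphRoot/$token/";
$path = realpath($dir . $file);
if ($path === false || strpos($path, $dir) !== 0) {
    header('HTTP/1.0 404 Not Found');
    exit;
}

header('Content-Type: image/png');
header('Content-Length: ' . filesize($path));
readfile($path);
```

The report snapshot then references its graphs as `graph.php?snapshot=...&file=...` instead of a direct image URL, so knowing the filename alone is no longer enough to fetch it.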