Documents and Database Users

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
jestrada101
Forum Newbie
Posts: 2
Joined: Wed Jan 24, 2007 1:09 pm

Documents and Database Users

Post by jestrada101 »

I am trying to determine the best approach to handling files via the web.

I have a database for a web application that authenticates users (mySQL).

We want to add teh capability for users to download files within the application.

What are teh recommended methods?

Loading the files into the database?

Storing on teh o/S? If so, how do I secure them from someone directly typing direct access to them?

Any ideas or recommendations would be great.

Thanks
JE
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

It is probably easiest to store them as files. To protect them, put them in an inaccessable directory (either outside webroot or .htaccess). To make them available, take a look at PHP's header() function. You just set the MIME type and dump the file to the browser.
(#10850)
jestrada101
Forum Newbie
Posts: 2
Joined: Wed Jan 24, 2007 1:09 pm

Thanks!

Post by jestrada101 »

Thanks! I'll research that!
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

Here is a link to the readfile() docs that has an example of a download script:

http://www.php.net/manual/en/function.r ... .php#56109

Also not that the .htaccess file would be in a directory with the files you want to protect. You would set it to deny all access.
(#10850)
Post Reply