Secure, dynamic user pdf storage advice

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

the_enn
Forum Newbie
Posts: 3
Joined: Mon Aug 15, 2016 3:16 pm

Secure, dynamic user pdf storage advice

Post by the_enn »

Hi all,

Newbie here looking for some general advice.

I'm going to be working on upgrading an old site which allowed users to create a free account, then create dynamic pdfs based on their input values on a form. To create the pdfs, they have to pay for them. Then, once they create the pdf, the user can see a list of pdfs they've generated and then re-download those pdfs again at any time.

My question is with regard to securing storage of those pdfs in a MySQL database. Right now, there is a directory solely used to store the actual pdfs (the directory's name is random numbers and letters). We are using a hashed index in MySQL to associate with the pdf filename in the pdf directory. We are using external hosting (currently Bluehost).

Any advice with regard to securing that pdf directory so that someone couldn't hack the site and just download all the pdfs that users paid for?

Thanks for ideas!
Christopher
Site Administrator
Posts: 13592
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Secure, dynamic user pdf storage advice

Post by Christopher »

Store the PDFs in a directory outside of your webserver's document root, so they are not accessible. Then use PHP to download them. See the PHP manual page for readfile() for an example, but essentially this:

<?php
$download_path = '/path/to/download/dir/';
$download_file = 'example.pdf';
header('Content-Type: application/pdf');
// The filename parameter must be double-quoted (RFC 6266); single quotes
// end up as part of the saved filename in most browsers.
header('Content-Disposition: attachment; filename="' . $download_file . '"');
header('Content-Length: ' . filesize($download_path . $download_file));
readfile($download_path . $download_file);
exit; // nothing else may be sent after the file body
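The snippet above only shows the mechanics of streaming a file from outside the document root. A download script for the site described in the question also has to decide whether the logged-in user is allowed to get that particular PDF, and must never let a database value or a query parameter pick an arbitrary path. The following is an added example, not code from this thread or from the original site. It assumes a table user_pdfs(id, user_id, storage_name, display_name) where storage_name is the random filename in the private directory, a login that sets $_SESSION['user_id'], and the PDO connection details shown; all of those names are placeholders.

```php
<?php
// Added example: authorized download of a user's paid PDF from a directory
// outside the document root. Table/session/DSN names below are assumptions.
declare(strict_types=1);
session_start();

// Private directory, outside public_html; resolve it once so the later
// containment check compares real paths.
$pdfDir = realpath('/home/siteuser/private_pdfs');
if ($pdfDir === false) {
    http_response_code(500);
    exit('Storage misconfigured');
}

if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Login required');
}

$pdfId = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($pdfId === false || $pdfId === null) {
    http_response_code(400);
    exit('Bad request');
}

// Assumed connection; use the site's real credentials here.
$pdo = new PDO('mysql:host=localhost;dbname=site;charset=utf8mb4', 'dbuser', 'dbpass', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);

// The WHERE clause is the authorization check: the row must belong to the
// current user, so changing ?id= cannot reach someone else's PDF.
$stmt = $pdo->prepare(
    'SELECT storage_name, display_name FROM user_pdfs WHERE id = ? AND user_id = ?'
);
$stmt->execute([$pdfId, (int) $_SESSION['user_id']]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if ($row === false) {
    http_response_code(404); // same answer whether missing or not theirs
    exit('Not found');
}

// Take only the basename of the stored name and confirm the resolved path is
// still inside $pdfDir, so a tampered row cannot point at ../../etc/passwd.
$path = realpath($pdfDir . '/' . basename($row['storage_name']));
if ($path === false || strpos($path, $pdfDir . '/') !== 0 || !is_file($path)) {
    http_response_code(404);
    exit('Not found');
}

// The user-visible filename goes into a header, so strip anything that is
// not a plain filename character.
$displayName = preg_replace('/[^A-Za-z0-9._-]/', '_', (string) $row['display_name']);
if ($displayName === '' || $displayName === null) {
    $displayName = 'document.pdf';
}

header('Content-Type: application/pdf');
header('Content-Disposition: attachment; filename="' . $displayName . '"');
header('Content-Length: ' . (string) filesize($path));
header('Cache-Control: private, no-store');
header('X-Content-Type-Options: nosniff');
readfile($path);
exit;
```

If the site keys downloads on the hashed index mentioned in the question instead of a numeric id, the only change is the column compared in the prepared statement; the owner check, the basename/realpath containment test and the header sanitisation stay the same.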
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Secure, dynamic user pdf storage advice

Post by requinix »

To be clear, are you talking about securing them against users on your site who are not supposed to have access? Or about making them secure on the server because you're using shared hosting and you don't want someone else on the server to be able to locate and read those files?
the_enn
Forum Newbie
Posts: 3
Joined: Mon Aug 15, 2016 3:16 pm

Re: Secure, dynamic user pdf storage advice

Post by the_enn »

Christopher wrote:Store the PDFs in a directory outside of your webserver's document root, so they are not accessible. Then use PHP to download them. See the PHP manual page for readfile() for an example, but essentially this:

<?php
$download_path = '/path/to/download/dir/';
$download_file = 'example.pdf';
header('Content-Type: application/pdf');
// The filename parameter must be double-quoted (RFC 6266); single quotes
// end up as part of the saved filename in most browsers.
header('Content-Disposition: attachment; filename="' . $download_file . '"');
header('Content-Length: ' . filesize($download_path . $download_file));
readfile($download_path . $download_file);
exit; // nothing else may be sent after the file body
Thanks for this, Christopher.
requinix wrote:To be clear, are you talking about securing them against users on your site who are not supposed to have access? Or about making them secure on the server because you're using shared hosting and you don't want someone else on the server to be able to locate and read those files?
It's primarily for the latter, since a given user won't see the download directory path and would have a hard time guessing where the pdfs are stored.

My main concern is because of the shared hosting and wouldn't want someone to be able to grab the pdfs from the file directory. Would this be an .htaccess configuration solution?
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Secure, dynamic user pdf storage advice

Post by requinix »

.htaccess only affects Apache. You have to do something on the actual filesystem to block users on that machine.

Unfortunately this is tricky and might not even be possible for you to do. It depends on the answer to one question:

If you look at the generated PDFs through FTP or SSH, are the files owned by your personal user account or is it a generic "www-data" or "apache" or "httpd" or similar? This is the same answer to the question of what user account PHP is running as.

If it's your account then that's great: make the PDF directory have permissions 0770 and the generated files have 0660. That's all.
If it's a generic account then you're stuck, and anyone on the server sufficiently motivated will be able to somehow get access to those files (with a bit of work). A simple solution is to store the files elsewhere. Less simple is to store the content in the database (ouch) or to not even store them at all but to re-/generate the content on-the-fly (if possible).

About storing elsewhere:
There are many options but I'll use Amazon S3 as an example. You upload files there, to a place you've made sure is not world-readable. To serve the PDFs you generate a particular signed URL to the file and redirect the user; it grants access to the file for a short time so that same URL will not work a few minutes later.
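The post above describes two routes: tighten filesystem permissions when PHP runs as your own account, or keep the files off the shared box entirely and hand out short-lived signed URLs. The following is an added example, not code from this thread, showing both in PHP. The permissions half uses only the standard library. The S3 half assumes the AWS SDK for PHP v3 is installed via Composer; the bucket name, key prefix, region and the AWS_* environment variables are placeholders.

```php
<?php
// Added example: (1) write a generated PDF so only the owning account can read
// it, (2) store it in a private S3 bucket and redirect the user to a presigned
// URL that expires after a few minutes. Names below are assumptions.
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use Aws\S3\S3Client;

// --- Route 1: own-account permissions (0770 directory, 0660 files) -------------

function savePrivatePdf(string $dir, string $pdfBytes): string
{
    if (!is_dir($dir) && !mkdir($dir, 0770, true)) {
        throw new RuntimeException("cannot create $dir");
    }
    chmod($dir, 0770);

    // Random storage name; the display name lives in the database, not on disk.
    $name = bin2hex(random_bytes(16)) . '.pdf';
    $path = $dir . '/' . $name;

    // A umask of 0007 makes the new file 0660 at creation time, so there is no
    // window in which it is world-readable before the chmod below.
    $oldUmask = umask(0007);
    try {
        if (file_put_contents($path, $pdfBytes, LOCK_EX) === false) {
            throw new RuntimeException("cannot write $path");
        }
    } finally {
        umask($oldUmask);
    }
    chmod($path, 0660);
    return $name;
}

// --- Route 2: private S3 bucket + presigned GET ----------------------------------

function s3Client(): S3Client
{
    // Credentials come from AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY in the
    // environment (assumed); never commit them in the PHP source.
    return new S3Client([
        'version' => 'latest',
        'region'  => 'us-east-1',
    ]);
}

function uploadPrivatePdf(S3Client $s3, string $bucket, string $key, string $localPath): void
{
    // The bucket is assumed to block public access; the object gets server-side
    // encryption at rest and an explicit content type.
    $s3->putObject([
        'Bucket'               => $bucket,
        'Key'                  => $key,
        'SourceFile'           => $localPath,
        'ContentType'          => 'application/pdf',
        'ServerSideEncryption' => 'AES256',
    ]);
}

function presignedPdfUrl(S3Client $s3, string $bucket, string $key, string $downloadName): string
{
    // The download filename is fixed in the signed request so the client cannot
    // alter it; the URL stops working after five minutes.
    $cmd = $s3->getCommand('GetObject', [
        'Bucket'                     => $bucket,
        'Key'                        => $key,
        'ResponseContentType'        => 'application/pdf',
        'ResponseContentDisposition' => 'attachment; filename="' . $downloadName . '"',
    ]);
    $request = $s3->createPresignedRequest($cmd, '+5 minutes');
    return (string) $request->getUri();
}

// Usage from the download script, after the same owner check as any other
// download: look up the object key for (pdf id, user id), then redirect.
// $key = 'user-pdfs/' . $userId . '/' . $storageName;   // assumed key layout
// header('Location: ' . presignedPdfUrl(s3Client(), 'example-private-bucket', $key, 'invoice.pdf'), true, 302);
// exit;
```

The presigned URL is only as private as the response that carries it: send it as a redirect from the authenticated download handler rather than embedding it in a page that can be cached or shared, and keep the expiry short.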
the_enn
Forum Newbie
Posts: 3
Joined: Mon Aug 15, 2016 3:16 pm

Re: Secure, dynamic user pdf storage advice

Post by the_enn »

requinix wrote:.htaccess only affects Apache. You have to do something on the actual filesystem to block users on that machine.

Unfortunately this is tricky and might not even be possible for you to do. It depends on the answer to one question:

If you look at the generated PDFs through FTP or SSH, are the files owned by your personal user account or is it a generic "www-data" or "apache" or "httpd" or similar? This is the same answer to the question of what user account PHP is running as.

If it's your account then that's great: make the PDF directory have permissions 0770 and the generated files have 0660. That's all.
If it's a generic account then you're stuck, and anyone on the server sufficiently motivated will be able to somehow get access to those files (with a bit of work). A simple solution is to store the files elsewhere. Less simple is to store the content in the database (ouch) or to not even store them at all but to re-/generate the content on-the-fly (if possible).

About storing elsewhere:
There are many options but I'll use Amazon S3 as an example. You upload files there, to a place you've made sure is not world-readable. To serve the PDFs you generate a particular signed URL to the file and redirect the user; it grants access to the file for a short time so that same URL will not work a few minutes later.
Thanks for the response, requinix. I believe the account is generic. I think our best option, once we get there, is to either store the files externally using the Amazon cloud, or possibly regenerate the pdfs on the fly. I would feel safer doing the latter, but I'm going to have to look into that one some more.

This all helps going forward - thanks everybody!
Christopher
Site Administrator
Posts: 13592
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Secure, dynamic user pdf storage advice

Post by Christopher »

the_enn wrote:I think our best option, once we get there, is to either store the files externally using the Amazon cloud, or possibly regenerate the pdfs on the fly. I would feel safer doing the latter, but I'm going to have to look into that one some more.
You could also just get a dedicated server. There are many inexpensive ones. The security of the datacenters varies, but they would provide you with much more security.