Secure, dynamic user pdf storage advice
Posted: Mon Aug 15, 2016 3:25 pm
by the_enn
Hi all,
Newbie here looking for some general advice.
I'm going to be working on upgrading an old site which allowed users to create a free account, then create dynamic pdfs based on their input values on a form. To create the pdfs, they have to pay for them. Then, once they create the pdf, the user can see a list of pdfs they've generated and then re-download those pdfs again at any time.
My question is with regard to securing storage of those pdfs in a MySQL database. Right now, there is a directory solely used to store the actual pdfs (the directory's name is random numbers and letters). We are using a hashed index in MySQL to associate with the pdf filename in the pdf directory. We are using external hosting (currently Bluehost).
Any advice with regard to securing that pdf directory so that someone couldn't hack the site and just download all the pdfs that users paid for?
Thanks for ideas!
Re: Secure, dynamic user pdf storage advice
Posted: Mon Aug 15, 2016 4:25 pm
by Christopher
Store the PDFs in a directory outside of your webserver's document root, so they are not accessible. Then use PHP to download them. See the PHP manual page for readfile() for an example, but essentially this:
Code:
<?php
$download_path = '/path/to/download/dir/';   // outside the document root
$download_file = basename('example.pdf');     // strip any path components
$full_path = $download_path . $download_file;
if (!is_file($full_path)) {
    http_response_code(404);
    exit;
}
header('Content-Type: application/pdf');
header('Content-Disposition: attachment; filename="' . $download_file . '"');
header('Content-Length: ' . filesize($full_path));
readfile($full_path);
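As an added example (not part of Christopher's post), here is the same readfile() pattern once it also enforces who may fetch which file, which is what the original question's "hashed index in MySQL" is for. It assumes a session that holds the logged-in user's id, a table `pdfs(token, user_id, filename)` whose `token` column is that random index, and a storage directory `/home/example/private_pdfs` outside the DocumentRoot; all of those names are assumptions.

```php
<?php
// Added example, not code from the original thread.
// Authenticated download handler for PDFs kept outside the web root.
// Assumed: $_SESSION['user_id'] is set by the login code, and the table
// pdfs(token, user_id, filename) maps the opaque token to a file on disk.
declare(strict_types=1);
session_start();

const PDF_DIR = '/home/example/private_pdfs';   // assumed path, outside DocumentRoot

if (empty($_SESSION['user_id'])) {
    http_response_code(401);
    exit('Login required');
}

// The token the user supplies is opaque and is only ever used as a lookup key.
// Reject anything that is not plain hex before it goes anywhere near the database.
$token = $_GET['token'] ?? '';
if (!preg_match('/\A[a-f0-9]{32,128}\z/', $token)) {
    http_response_code(400);
    exit('Bad token');
}

$pdo = new PDO('mysql:host=localhost;dbname=app', 'app', 'secret', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);

// Ownership is enforced inside the query: a valid token that belongs to a
// different user returns no row, so users cannot pull each other's files.
$stmt = $pdo->prepare('SELECT filename FROM pdfs WHERE token = ? AND user_id = ?');
$stmt->execute([$token, (int) $_SESSION['user_id']]);
$filename = $stmt->fetchColumn();
if ($filename === false) {
    http_response_code(404);   // same answer as "no such file": no existence oracle
    exit('Not found');
}

// Defence in depth: even though the name came from our own database, confine
// the resolved path to PDF_DIR so a tampered row cannot reach ../../etc/passwd.
$path = realpath(PDF_DIR . '/' . basename($filename));
if ($path === false || strpos($path, realpath(PDF_DIR) . '/') !== 0) {
    http_response_code(404);
    exit('Not found');
}

header('Content-Type: application/pdf');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . filesize($path));
header('Cache-Control: private, no-store');
readfile($path);
```

The important property is that the token never selects a file by itself: the `user_id` from the server-side session is part of the lookup, so a leaked or guessed token is useless to anyone but its owner. This still does nothing against other tenants on the same box, which is the concern the thread turns to next.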
Re: Secure, dynamic user pdf storage advice
Posted: Mon Aug 15, 2016 10:38 pm
by requinix
To be clear, are you talking about securing them against users on your site who are not supposed to have access? Or about making them secure on the server because you're using shared hosting and you don't want someone else on the server to be able to locate and read those files?
Re: Secure, dynamic user pdf storage advice
Posted: Tue Aug 16, 2016 9:21 am
by the_enn
Christopher wrote:Store the PDFs in a directory outside of your webserver's document root, so they are not accessible. Then use PHP to download them. See the PHP manual page for readfile() for an example, but essentially this:
Code:
<?php
$download_path = '/path/to/download/dir/';   // outside the document root
$download_file = basename('example.pdf');     // strip any path components
$full_path = $download_path . $download_file;
if (!is_file($full_path)) {
    http_response_code(404);
    exit;
}
header('Content-Type: application/pdf');
header('Content-Disposition: attachment; filename="' . $download_file . '"');
header('Content-Length: ' . filesize($full_path));
readfile($full_path);
Thanks for this, Christopher.
requinix wrote:To be clear, are you talking about securing them against users on your site who are not supposed to have access? Or about making them secure on the server because you're using shared hosting and you don't want someone else on the server to be able to locate and read those files?
It's primarily for the latter, since a given user won't see the download directory path and would have a hard time guessing where the pdfs are stored.
My main concern is because of the shared hosting and wouldn't want someone to be able to grab the pdfs from the file directory. Would this be an .htaccess configuration solution?
Re: Secure, dynamic user pdf storage advice
Posted: Tue Aug 16, 2016 9:59 am
by requinix
.htaccess only affects Apache. You have to do something on the actual filesystem to block users on that machine.
Unfortunately this is tricky and might not even be possible for you to do. It depends on the answer to one question:
If you look at the generated PDFs through FTP or SSH, are the files owned by your personal user account or is it a generic "www-data" or "apache" or "httpd" or similar? This is the same answer to the question of what user account PHP is running as.
If it's your account then that's great: make the PDF directory have permissions 0770 and the generated files have 0660. That's all.
If it's a generic account then you're stuck, and anyone on the server sufficiently motivated will be able to somehow get access to those files (with a bit of work). A simple solution is to store the files elsewhere. Less simple is to store the content in the database (ouch) or to not even store them at all but to re-/generate the content on-the-fly (if possible).
About storing elsewhere:
There are many options but I'll use Amazon S3 as an example. You upload files there, to a place you've made sure is not world-readable. To serve the PDFs you generate a particular signed URL to the file and redirect the user; it grants access to the file for a short time so that same URL will not work a few minutes later.
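As an added example (not from requinix's post), this is what the "store elsewhere and redirect to a signed URL" option looks like with the AWS SDK for PHP v3. It assumes the SDK is installed through Composer, that the bucket has public access blocked, that the caller has already checked the session user owns the object, and that objects are keyed under a per-user prefix; the bucket name, region, key layout and sample values are all assumptions.

```php
<?php
// Added example, not code from the original thread.
// Serve a PDF held in a private S3 bucket by redirecting the authorised user
// to a presigned GetObject URL that expires after a few minutes.
// Assumed: AWS SDK for PHP v3 via Composer, credentials supplied by the
// environment (never a key file inside the web root on shared hosting).
declare(strict_types=1);
require __DIR__ . '/vendor/autoload.php';

use Aws\S3\S3Client;

function presignedPdfUrl(S3Client $s3, string $bucket, string $key, string $ttl = '+5 minutes'): string
{
    // The URL carries a SigV4 signature bound to this bucket, key and expiry,
    // so a copied link stops working on its own once $ttl has passed.
    $cmd = $s3->getCommand('GetObject', [
        'Bucket' => $bucket,
        'Key'    => $key,
        // Override the response headers so the browser downloads the file
        // under a safe name instead of rendering whatever the object carries.
        'ResponseContentDisposition' => 'attachment; filename="' . basename($key) . '"',
        'ResponseContentType'        => 'application/pdf',
    ]);
    $request = $s3->createPresignedRequest($cmd, $ttl);
    return (string) $request->getUri();
}

// --- usage inside the download endpoint, after the ownership check ---
$s3 = new S3Client([
    'version' => 'latest',
    'region'  => 'us-east-1',   // assumed region
]);

$userId = 42;                                            // assumed: taken from the session
$token  = '9f86d081884c7d659a2feaa0c55ad015';            // assumed: validated token from the DB row
$key    = sprintf('users/%d/%s.pdf', $userId, $token);   // per-user prefix keeps objects apart

header('Location: ' . presignedPdfUrl($s3, 'example-private-pdfs', $key), true, 302);
exit;
```

Two caveats a practitioner would want here. First, the presigned URL is a bearer credential: anyone who obtains it within the window can fetch the object, so keep the expiry short and serve the redirect over HTTPS only. Second, moving the files off the box does not move the AWS credentials off it; on shared hosting they are readable by the same PHP user that requinix warns about, so scope that IAM identity to read-only access on this one bucket (or prefix) and nothing more.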
Re: Secure, dynamic user pdf storage advice
Posted: Tue Aug 16, 2016 12:49 pm
by the_enn
requinix wrote:.htaccess only affects Apache. You have to do something on the actual filesystem to block users on that machine.
Unfortunately this is tricky and might not even be possible for you to do. It depends on the answer to one question:
If you look at the generated PDFs through FTP or SSH, are the files owned by your personal user account or is it a generic "www-data" or "apache" or "httpd" or similar? This is the same answer to the question of what user account PHP is running as.
If it's your account then that's great: make the PDF directory have permissions 0770 and the generated files have 0660. That's all.
If it's a generic account then you're stuck, and anyone on the server sufficiently motivated will be able to somehow get access to those files (with a bit of work). A simple solution is to store the files elsewhere. Less simple is to store the content in the database (ouch) or to not even store them at all but to re-/generate the content on-the-fly (if possible).
About storing elsewhere:
There are many options but I'll use Amazon S3 as an example. You upload files there, to a place you've made sure is not world-readable. To serve the PDFs you generate a particular signed URL to the file and redirect the user; it grants access to the file for a short time so that same URL will not work a few minutes later.
Thanks for the response, requinix. I believe the account is generic. I think our best option, once we get there, is to either store the files externally using the Amazon cloud, or possibly regenerate the pdfs on the fly. I would feel safer doing the latter, but I'm going to have to look into that one some more.
This all helps going forward - thanks everybody!
Re: Secure, dynamic user pdf storage advice
Posted: Tue Aug 16, 2016 6:47 pm
by Christopher
the_enn wrote:I think our best option, once we get there, is to either store the files externally using the Amazon cloud, or possibly regenerate the pdfs on the fly. I would feel safer doing the latter, but I'm going to have to look into that one some more.
You could also just get a dedicated server. There are many inexpensive ones. The security of the datacenters varies, but they would provide you with much more security.