General structure of my application:

[includes] - not accessible by the web
.. important database classes, etc
[public]
.. all files that the application publicly uses

I'm trying to make a decision about where I should store the [uploads] folder. This is where all users will be storing their media (images, etc.)

[uploads]
   [user123]
      mypic.jpg
      mysecondpic.jpg
   [user456]
      picpic.jpg
      yeah.jpg

Currently, I have this folder within the [public] folder, but for some reason I'm not convinced that this is the right place ...

The [includes] folder will not be accessible by the public, only PHP will be able to navigate there.

What are your thoughts on this for best practice sake?

dcolumbus
3 Answers

In a sibling directory. That is, a directory at the same level as includes/ and public/.

Ignacio Vazquez-Abrams

It depends on what you are trying to achieve. If you are uploading, for example, photos for user articles, place them in a publicly visible folder such as /public/images (those images are visible either way). If you are, on the other hand, making an application that will (for example) profit from uploaded files, it's better to place them one level higher, such as /uploads, so that they won't be publicly accessible, but you can create code that will enable downloads.

Tomasz Kowalczyk
  • Well, the browser needs to be able to bring these images in. The point of the application is to allow users to design "presentation" that they can then send out to others. – dcolumbus Jul 03 '12 at 00:36
  • The case is simple: public files go to `web/X` or `public/X`, if you want to impose ANY restrictions you need to hide them one level higher. You can obviously make some htaccess magic, but I don't recommend it. – Tomasz Kowalczyk Jul 03 '12 at 00:40
  • So if I need to be bringing these images into an interface that is consumed by the public, I cannot have the "uploads" directory on the same level or higher than "public"? – dcolumbus Jul 03 '12 at 00:41
  • If you put those files in `public/X` they are publicly visible and you have no control over who would see what. If you put them one level higher you need to create some "bridges" such as a PHP file that'll read images and output them to the browser. – Tomasz Kowalczyk Jul 03 '12 at 00:46

I suppose only that user. I mean, without bringing "sharing" media into the conversation ... which is a possibility down the road.

In that case, the usual setup is

  • Place the files outside the web root (i.e. outside the public folder - where exactly, is up to you really)

  • Build a PHP script that checks user permissions and passes through the requested file if everything checks out. That PHP script will then be called for every resource like so:

    domain.com/resource.php?user=user123&file=mypic.jpg

    (or use pretty URL rewriting)

Bear in mind, however, that this requires an expensive PHP process to be started for every resource requested. Be sure to use very clever caching to minimize requests.

There are Apache and nginx modules that make this process more efficient named X-Sendfile. That may be worth a look down the road.

Pekka
  • The only concern is whether or not the public will be able to "see" the media. An image will be brought into an interface that the public will be able to view as a part of a presentation. – dcolumbus Jul 03 '12 at 00:40
  • @dcolumbus so the file should be accessible to all the world and not just user123? That's not what you said above though? – Pekka Jul 03 '12 at 00:41
  • In the end, the file will be viewable by the public, but only through an interface that user123 has created. – dcolumbus Jul 03 '12 at 00:42
  • Ah. In that case, store the `uploads` folder inside `public`, no problem – Pekka Jul 03 '12 at 00:43
  • Is there no way to have the `uploads` directory on the same level as `public` and still be able to serve up the files to the browser when requested by the interface? – dcolumbus Jul 03 '12 at 00:46
  • @dcolumbus sure, using the method described above (with its huge downsides), or using an Apache `Alias` (if you can change the server configuration; no downsides). – Pekka Jul 03 '12 at 00:47
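As an added example (not code from either answer or from the asker's application), here is one way to write the "bridge" script that Tomasz and Pekka both describe: a `resource.php` that serves files from an `uploads/` directory that is a sibling of `public/`, after checking who is asking. The directory layout, the `$_SESSION['user']` key, the `USE_XSENDFILE` switch and the allowed image types are all assumptions for the illustration. The point it makes that the answers only hint at is that `?user=user123&file=mypic.jpg` is attacker-controlled input: the obvious `readfile('../uploads/' . $_GET['user'] . '/' . $_GET['file'])` is a path traversal that reaches `includes/` and anything else PHP can read.

```php
<?php
// public/resource.php (hypothetical) - pass-through for files kept outside the web root.
//
// Assumed layout:  app/includes/  app/public/  app/uploads/<user>/<file>
// Assumed login code has already set $_SESSION['user'] to the user's id.
//
// DO NOT do this - "user" and "file" come straight from the client, so
// ?user=..&file=../includes/db.php walks out of uploads/:
//   readfile(__DIR__ . '/../uploads/' . $_GET['user'] . '/' . $_GET['file']);

declare(strict_types=1);
session_start();

const UPLOAD_ROOT  = __DIR__ . '/../uploads';  // sibling of public/, not web-reachable
const USE_XSENDFILE = false;                   // true if Apache mod_xsendfile is loaded and
                                               // XSendFilePath covers UPLOAD_ROOT (assumption)

function fail(int $code): void
{
    http_response_code($code);
    exit;
}

// 1. Allowlist the inputs instead of trying to strip "../" out of them.
//    A user id is one short alphanumeric token; a file name is one path
//    component with a known image extension. Anything else is rejected.
$user = (string) ($_GET['user'] ?? '');
$file = (string) ($_GET['file'] ?? '');
if (!preg_match('/\A[a-z0-9]{1,32}\z/', $user)) {
    fail(400);
}
if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.(jpe?g|png|gif)\z/', $file)) {
    fail(400);
}

// 2. Authorization: the "only that user" case from the question. Replace this
//    comparison with a lookup in a sharing table when sharing is added later.
if (($_SESSION['user'] ?? null) !== $user) {
    fail(403);
}

// 3. Resolve the path and verify the *resolved* path is still under UPLOAD_ROOT.
//    realpath() collapses symlinks and any traversal the regexes did not anticipate.
$root = realpath(UPLOAD_ROOT);
$path = realpath(UPLOAD_ROOT . '/' . $user . '/' . $file);
if ($root === false || $path === false || !is_file($path)
    || strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
    fail(404);
}

// 4. Derive Content-Type from the bytes, not the extension, and only serve image
//    types: an HTML file renamed to .jpg must not come back as text/html.
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
if (!in_array($mime, ['image/jpeg', 'image/png', 'image/gif'], true)) {
    fail(415);
}

header('Content-Type: ' . $mime);
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: inline; filename="' . $file . '"');
// "private" lets the user's browser reuse the image without another PHP hit,
// while keeping shared/proxy caches from storing a per-user file.
header('Cache-Control: private, max-age=3600');

if (USE_XSENDFILE) {
    // Hand the already-authorized path to Apache and let it stream the bytes.
    // (nginx's equivalent is X-Accel-Redirect with an "internal" location and a URI, not a path.)
    header('X-Sendfile: ' . $path);
    exit;
}

// Plain PHP fallback: stream the file rather than loading it into memory.
readfile($path);
```

The order of the checks matters: the format checks and the ownership check run before the filesystem is touched, so an unauthenticated probe never learns whether a path exists, and the `realpath()` prefix test is kept even though the regexes already exclude `/` and `..`, because it also catches a symlink that someone manages to plant inside `uploads/`. The `Alias` route Pekka mentions avoids PHP entirely but also skips step 2, so it only fits the "public through the interface" case, not the "only that user" one.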