
I'm currently using a C# client to upload a large Microsoft Access database file using the code below.

```csharp
System.Net.WebClient Client = new System.Net.WebClient();
Client.Headers.Add("Content-Type", "binary/octet-stream");
byte[] result = Client.UploadFile(@"http://localhost/upload.php", "POST", fileUpload);
```

I expect to eventually add credential authentication to make sure that it's the intended client sending the data. I also expect to send it over HTTPS.

But I am completely stumped on how to secure this file's storage on the PHP server. My concern is that it could be downloaded as the PHP script is moving the file from the public upload directory to a private directory. What is the most secure way of uploading and storing this document?

Here's an idea of what the PHP server-side script currently looks like:

```php
$uploaddir = 'upload/'; // Relative upload location of the data file

// Only handle files that arrived through an HTTP POST upload
if (is_uploaded_file($_FILES['file']['tmp_name'])) {
    $uploadfile = $uploaddir . basename($_FILES['file']['name']);
    echo 'File ' . $_FILES['file']['name'] . ' uploaded successfully.';

    // Move the file from PHP's temp directory to the upload directory
    if (move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile)) {
        echo 'File is valid, and was successfully moved. ';
    }
}
```
Neverlax
  • I don't see how C# is relevant here - wouldn't the issue of "how to secure it on the server" be exactly the same regardless of client? – Jon Skeet Jan 04 '13 at 17:45
  • Why are you storing it in some public location in the first place? – PeeHaa Jan 04 '13 at 17:45
  • When a file is uploaded in PHP, it's normally stored in a temp directory. `move_uploaded_file` moves the file from temp to your storage. You want to specify a storage location that is not publicly accessible. – datasage Jan 04 '13 at 17:46
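
What the last comment describes, written out as an added example (not code from the question or its commenters): the upload goes straight from PHP's temp directory into a directory outside the document root, so it never sits in a web-served folder. `PRIVATE_DIR`, `MAX_BYTES` and `store_upload_privately()` are hypothetical names and values chosen for this sketch.

```php
<?php
declare(strict_types=1);

// Assumption: a directory outside the web server's document root, writable by
// the PHP user. The path is a placeholder for this example.
const PRIVATE_DIR = '/var/data/private_uploads';
const MAX_BYTES   = 512 * 1024 * 1024; // assumed limit; keep in line with upload_max_filesize

/**
 * Move one $_FILES entry straight from PHP's temp directory into private
 * storage and return the stored path.
 */
function store_upload_privately(array $file, string $privateDir, int $maxBytes): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    // Only accept a path that PHP itself created for this request's upload.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    // Measure the file on disk; the client-reported size is not trusted.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > $maxBytes) {
        throw new RuntimeException('Rejected file size');
    }
    // Server-generated name: the client's filename never becomes part of a path.
    $target = rtrim($privateDir, '/') . '/' . bin2hex(random_bytes(16)) . '.upload';
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not move upload into private storage');
    }
    chmod($target, 0600); // readable and writable by the PHP user only
    return $target;
}

// 'file' is the form field name used by the script in the question.
if (isset($_FILES['file'])) {
    try {
        $stored = store_upload_privately($_FILES['file'], PRIVATE_DIR, MAX_BYTES);
        error_log('Upload stored as ' . basename($stored));
        echo 'File uploaded successfully.';
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected.';
    }
}
```

With the file outside the document root, no URL maps to it, so any later download has to go through a script that checks credentials first.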

0 Answers