0

I have an app from which I upload files to the server. The files uploaded in the same folder where the php script is placed. THe files can be viewed easily if any one finds out the URL, thus it is very easy to hack and destroy the data.

I have to provide the download address to users for downloading the data they uploaded but if I provide the exact URL, their is fair chance of loss of data.

I want to know is there a way to encrypt the URL or any other way of securing the folder where my data is uploaded.

my URL is like www.hostname.com/myfolder/file.txt. Due to such plain URL, I can't benefit much from URL encoding in Java.

I am a Java programmer, I have experience in php.

Regards

Naruto
  • 1,710
  • 7
  • 28
  • 39
  • You can create a script, that will process the request, reading data from that dir and sending it back. Thus you won't disclose the real url, where the data is stored. – user4035 Jul 25 '13 at 11:51
  • possible duplicate of [How to go about protecting files from unauthorized downloads](http://stackoverflow.com/questions/15078973/how-to-go-about-protecting-files-from-unauthorized-downloads) – deceze Jul 25 '13 at 12:14

1 Answers1

1

A few remarks:

  1. Use sessions and make the users authenticate themselves.
  2. Put the files in an upload/ folder, which is outside of the web root.
  3. When files are requested, check in the upload/ folder if they exist and serve them from there.
  4. If a file already exists, deny upload.
  5. Run everything from a secure (HTTPS) host.
Bart Friederichs
  • 33,050
  • 15
  • 95
  • 195
  • Better yet, put the upload/ folder outside of the web root. Ie. If index.php is in /mysite/web, make the upload folder in /mysite/upload. – watermanio Jul 25 '13 at 12:12