ZendFramework - How to protect confidential files uploaded into the public/ directory?

Posted on 2024-12-22 20:14:24


Some users upload their confidential contract/agreement files, which are stored in the directory /var/www/html/project/public/contract/<HERE_UNIQUE_FILES.pdf>.

But the problem is that from a Google search or a direct link any unauthorized user can open it and view/copy it.

How can I protect it, so that only my domain or allowed peers can have access to this private directory?

Example:

class Application_Model_Uploader
{

  public static function mvUploadContract()
  {
        /* Anyone from outside can access this path, but how to protect it? */
        /* public/ is the web root, so everything written here gets a direct URL. */
        $target_path = APPLICATION_PATH . "/../public/contract/";
        /* basename() strips any directory part from the client-supplied name. */
        $target_path = $target_path . basename($_FILES['contractfile']['name']);
        if (move_uploaded_file($_FILES['contractfile']['tmp_name'], $target_path))
        {
            $result = true;
        } else {
            $result = false;
        }
        return $result;
  }
}

Comments (1)

最舍不得你 2024-12-29 20:14:24


Move the files out of the public directory and use PHP to stream them after authorizing the user.

if (is_authorized($user)) {
  header('Content-Description: File Transfer');
  header('Content-Type: application/octet-stream');
  header('Content-Disposition: attachment; filename='.basename($path_to_file_outside_public));
  header('Content-Transfer-Encoding: binary');
  header('Expires: 0');
  header('Cache-Control: must-revalidate');
  header('Pragma: public');
  header('Content-Length: ' . filesize($path_to_file_outside_public));

  readfile($path_to_file_outside_public);
  exit; // stop here so nothing else is appended to the file body
} else {
  http_response_code(403);
}
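A fuller version of the approach in this answer, written as an added example for Zend Framework 1 (not code from the original post or from the answerer): the uploader would move files into data/contracts instead of public/contract, and this controller action authenticates with Zend_Auth, resolves an opaque id to the stored file through a hypothetical `contracts` table (id, owner_id, stored_name, display_name), confirms the resolved path stays inside the storage directory, and only then streams the file. The identity object is assumed to expose the user's id as `->id`.

```php
<?php
// Added example (not from the original post). ZF1 controller; files live in
// APPLICATION_PATH/../data/contracts, outside public/, so no URL reaches them directly.
class ContractController extends Zend_Controller_Action
{
    public function downloadAction()
    {
        $this->_helper->layout()->disableLayout();
        $this->_helper->viewRenderer->setNoRender(true);
        $response = $this->getResponse();
        // 1. Authentication: anonymous requests get a 403 before any lookup happens.
        $auth = Zend_Auth::getInstance();
        if (!$auth->hasIdentity()) {
            $response->setHttpResponseCode(403);
            return;
        }
        // 2. The URL carries an opaque numeric id (/contract/download/id/42), never a file name.
        $id = $this->_getParam('id', '');
        if (!preg_match('/^\d{1,18}$/', $id)) {
            $response->setHttpResponseCode(404);
            return;
        }
        // 3. Authorization: the row must belong to the logged-in user (hypothetical table).
        $db  = Zend_Db_Table::getDefaultAdapter();
        $row = $db->fetchRow('SELECT stored_name, display_name FROM contracts WHERE id = ? AND owner_id = ?',
                             array((int) $id, $auth->getIdentity()->id));
        if (!$row) {
            $response->setHttpResponseCode(404);   // same answer as "no such id": no enumeration hint
            return;
        }
        // 4. Defence in depth: the resolved path must stay inside the storage directory.
        $base = realpath(APPLICATION_PATH . '/../data/contracts');
        $path = ($base === false) ? false : realpath($base . '/' . $row['stored_name']);
        if ($path === false || !is_file($path) || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
            $response->setHttpResponseCode(404);
            return;
        }
        // 5. Stream it with a sanitised download name and no caching by shared caches.
        $name = preg_replace('/[^A-Za-z0-9._-]/', '_', $row['display_name']);
        $response->setHeader('Content-Type', 'application/pdf', true)
                 ->setHeader('Content-Disposition', 'attachment; filename="' . $name . '"', true)
                 ->setHeader('Content-Length', (string) filesize($path), true)
                 ->setHeader('Cache-Control', 'private, no-store', true)
                 ->setHeader('X-Content-Type-Options', 'nosniff', true)
                 ->sendHeaders();
        readfile($path);
        exit;   // nothing else (layout, view, output buffers) may be appended to the file
    }
}
```

Because the files no longer sit under public/, a Google crawler or a guessed link gets nothing from the web server; every download has to pass through this action's checks.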