[PHP] Strategy for Secure File Storage

2007-09-24 Thread Kevin Murphy
I'm working on an intranet site that uses an LDAP server to  
authenticate users and then an integrated CMS (kind of like a wiki  
with security features so only certain people can post things or  
upload files) runs the whole thing. (The CMS is custom built with PHP).


I've got a need to make certain files secured so that if someone  
uploads a file they can specify that no one except certain people can  
view the file. I've got all the security features set up, what I need  
to do is come up with the best way of securing those files. Obviously  
the link won't show to those files if the user doesn't have access to  
it, but I'm worried that someone might know the link and be able to  
access the file that they are not supposed to be able to see.


This doesn't need to be NSA level security, but I do need to protect  
against some computer savvy users. So, I'm pondering the following  
ideas for hiding those files. Any insight on the best method would be  
appreciated:


1) Write secure files to MySQL as a blob (only secure files would be  
written there)


2) Write secure files to the level below the web root and come up  
with a way of copying the files over to a temporary directory for  
access, then delete the files as soon as they are accessed.


3) Use Unix passwords to protect a folder in the web level and then  
the CMS knows the password and can pass the password for access (so  
that the user doesn't know this password, but the CMS does).


4) Some various forms of link obfuscation, where the CMS goes through  
all the secure files once an hour or so and rewrites the file name  
with a random string.


5) Or I'm open to suggestions.
Thanks.

--
Kevin Murphy
Webmaster: Information and Marketing Services
Western Nevada College
www.wnc.edu
775-445-3326

P.S. Please note that my e-mail and website address have changed from  
wncc.edu to wnc.edu. 

Re: [PHP] Strategy for Secure File Storage

2007-09-24 Thread Jon Anderson

Kevin Murphy wrote:
I'm working on an intranet site that uses an LDAP server to 
authenticate users and then an integrated CMS (kind of like a wiki with 
security features so only certain people can post things or upload 
files) runs the whole thing. (The CMS is custom built with PHP).


I've got a need to make certain files secured so that if someone 
uploads a file they can specify that no one except certain people can 
view the file. I've got all the security features set up, what I need 
to do is come up with the best way of securing those files. Obviously 
the link won't show to those files if the user doesn't have access to 
it, but I'm worried that someone might know the link and be able to 
access the file that they are not supposed to be able to see.


This doesn't need to be NSA level security, but I do need to protect 
against some computer savvy users. So, I'm pondering the following 
ideas for hiding those files. Any insight on the best method would be 
appreciated:


1) Write secure files to MySQL as a blob (only secure files would be 
written there)


2) Write secure files to the level below the web root and come up with 
a way of copying the files over to a temporary directory for access, 
then delete the files as soon as they are accessed.


3) Use Unix passwords to protect a folder in the web level and then 
the CMS knows the password and can pass the password for access (so 
that the user doesn't know this password, but the CMS does).


4) Some various forms of link obfuscation, where the CMS goes through 
all the secure files once an hour or so and rewrites the file name 
with a random string.


5) Or I'm open to suggestions. 



You can easily force all file access to pass through a PHP script - 
just do this kind of thing:


- Fetch file information from a GET variable, like file.php?fileid=12345 
(or even file.php?filename=somefile.bin)
- Check if the user is allowed access to that file (yes: continue, no: 
display an error)


// Send the stored type, then stream the file from outside the web root
header('Content-Type: ' . $file->getContentType());
readfile('/path/to/secure/' . $file->getFileName());

Then just make sure that the /path/to/secure/ (as in the example 
above) is not readable by web users by some means.


jon

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
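Jon's three steps (take an id from the query string, check access, stream the file from outside the web root) written out as a complete gatekeeper script. This is an added example, not code from the original thread or from Kevin's CMS. The session key `uid`, the in-memory `FILES` table standing in for the CMS database, the `allowed_users` list and the `/var/www/secure_files` path are all assumptions made for the example; it goes slightly beyond the post by also resolving the stored name inside the secure directory, returning the same 404 for "missing" and "not allowed", and sanitising the download name before it goes into a header.

```php
<?php
// Added example (not from the original thread): one gatekeeper script,
// file.php?fileid=N, that serves "secure" files from a directory outside
// the web root only after an access check. The session layout, the ACL
// table and the storage path below are hypothetical.
declare(strict_types=1);

// Directory outside DocumentRoot; the web server must never map a URL to it.
const SECURE_DIR = '/var/www/secure_files';

// Stand-in for the CMS file table (constructed sample data; a real CMS
// would query MySQL). Files are addressed by numeric id, so the client
// never supplies a path or a filename.
const FILES = [
    12345 => [
        'stored_name'   => 'a1b2c3d4.bin',           // opaque name on disk
        'display_name'  => 'budget 2007.xls',        // name shown to the user
        'content_type'  => 'application/vnd.ms-excel',
        'allowed_users' => ['kmurphy', 'jdoe'],      // LDAP uids with access
    ],
];

function currentUser(): ?string
{
    // Assumes the LDAP login stored the authenticated uid in the session.
    return $_SESSION['uid'] ?? null;
}

function canRead(?string $user, array $file): bool
{
    // Deny by default: no session, or a uid not on the list, gets nothing.
    return $user !== null && in_array($user, $file['allowed_users'], true);
}

function resolveSecurePath(string $storedName): ?string
{
    // Defence in depth: stored_name comes from our own table, but strip any
    // directory components anyway and confirm the resolved path stays
    // inside SECURE_DIR (realpath follows symlinks and collapses "..").
    $candidate = SECURE_DIR . '/' . basename($storedName);
    $real = realpath($candidate);
    $base = realpath(SECURE_DIR);
    if ($real === false || $base === false || strpos($real, $base . '/') !== 0) {
        return null;
    }
    return $real;
}

function serveFile(int $fileId): void
{
    $file = FILES[$fileId] ?? null;
    // Same response for "no such file" and "not allowed", so guessing ids
    // does not confirm which ones exist.
    if ($file === null || !canRead(currentUser(), $file)) {
        http_response_code(404);
        echo 'Not found';
        return;
    }
    $path = resolveSecurePath($file['stored_name']);
    if ($path === null || !is_file($path)) {
        http_response_code(404);
        echo 'Not found';
        return;
    }
    // Keep CR/LF and quotes out of the header value derived from user-chosen text.
    $safeName = preg_replace('/[^A-Za-z0-9._ -]/', '_', $file['display_name']);
    header('Content-Type: ' . $file['content_type']);
    header('X-Content-Type-Options: nosniff');       // no browser type sniffing
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    header('Content-Length: ' . (string) filesize($path));
    header('Cache-Control: private, no-store');      // keep copies out of shared caches
    readfile($path);
}

session_start();
$fileId = filter_input(INPUT_GET, 'fileid', FILTER_VALIDATE_INT);
if ($fileId === false || $fileId === null) {
    http_response_code(400);
    echo 'Bad request';
    exit;
}
serveFile($fileId);
```

Two things make this work as an access control rather than obfuscation: the files live where no URL reaches them, so the only way to read one is through this script, and the lookup key is an id in the CMS table, so the request never names a path. If the storage directory cannot be moved outside DocumentRoot, the equivalent is to block it in the web server's own configuration (in Apache, a `<Directory>` block that denies all access), not in PHP.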