On Fri, 19 Feb 2010 13:19:50 -0500, st...@astroh.org (Michael Stroh) wrote:

>I have a site I'm working on with some data that I want to be readable by 
>anyone, but some files that I want to keep hidden from outside users. Here is 
>an example of my file structure.
>
>/products/data1/item_1/data.txt
>/products/data2/item_2/data.txt
>
>I would like everything in data1 to be available by anyone who visits the 
>site, but I want to keep items in the data2 folder to only be accessible 
>through certain web page which I hope to eventually require logins. Some of 
>these items I'd like to not only display but also allow people to download.
>
>My main concern is that I don't want people to be able to guess the names of 
>the files and then be able to access the information on them. Every 'item' has 
>an entry in a MySQL database which holds some information. I was thinking I 
>could have randomly generated folder names to take the place of the things 
>like 'item_2' such as
>
>/products/data2/kl23j42i/data.txt
>
>and then link the folder name through a database entry. But I'm not sure if 
>there are more elegant or easier ways to deal with this. Plus someone could 
>still just try randomly querying the site until they get a match. I'd first 
>like to just create a web page where you can go to access the hidden files but 
>would later like to add more control for other users using logins and 
>passwords.
>
>Most of my files are just text files and images. Any suggestions?
>
>Thanks in advance!
>
>Michael

I have been working on a website engine for some time, and have recently been
addressing these problems. The website layout is specified by text-based data
files, with a separate entry for each item on the page. These may be links to
subdirectories or even other websites, links to further index pages or links to
individual items.

Users are divided into groups, e.g. Guest, Admin, or Manager, and each data file
has a field specifying who is allowed to use it. Each entry has a similar field,
and when a data file is being loaded the loader checks that the current user has
permission to access it before allowing the file to be loaded, and then as it
processes each item in the file it checks if the user has permission to view
this item, and if not skips it. This means that the user only sees the items he
is entitled to see. There is nothing to indicate that anything is being hidden
from him.

At present I only have one allowable group for each file or item, and permit
individual users to belong to multiple groups (as set up by the administrator).
On reflection it would probably be better to assign each user to a single group,
and allow multiple groups to be given access to the file. At first I simply
assigned each user a privilege level; 0, 1, 2, .. , but this prevented giving
some user groups access to some areas of the website, and other user groups
access to others.

Each website has one area containing data, and a separate one containing the
engine (which has all the code). The data area also contains a small file
index.php, which sets up site dependent parameters, and then hands access to the
engine. I have several different websites sharing the same engine, and this
means that the individual websites can specify different configuration files
and security requirements. One website can be fully accessible, another only
accessible after the user is logged in, and another can have some areas only
accessible through a hidden login.

I use parameters to specify which page to be loaded, but I've recently realised
that this is a significant security hole, as the parameters are readily visible,
and convey a lot of information about the structure of the site. On second
thoughts it would have been better to specify the various directories and files
by numbers.

The engine is in a separate directory which is not under the root, so it is not
readily accessible, but I wanted the photos to be able to be bookmarked, which
meant that they had to be under the root, and I put the data files with them for
simplicity. However this means that they can also be downloaded, so I will have
to move them to a different location, as some of them contain valuable
information. Fortunately the way the engine is designed makes this reasonably
simple to do.

You can see a very simple demonstration website at

http://www.cydalba.com/?new=1.

At present this is set up so that part of the website is only accessible by
hidden login. If you access it via

http://www.cydalba.com/?new=1&action=log_in

you will be asked to log in, which you can do as 'Guest', with password
'Mandy17'. Some more of the website will then be accessible.

Clancy

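An added illustration of the two ideas in the reply above, the per-item group check and moving the data files out of the web root so PHP alone hands them out (example code, not Clancy's engine). It assumes a PRIVATE_DIR outside DocumentRoot, an ITEMS array standing in for Michael's MySQL table of opaque folder names, and that the login code stored the user's groups in $_SESSION['groups'].

```php
<?php
// Added example, not the engine's code. Assumed: PRIVATE_DIR is outside the web root,
// ITEMS stands in for the MySQL table, and login stored the user's groups in $_SESSION.
declare(strict_types=1);
const PRIVATE_DIR = '/var/www/private/products'; // assumed path, not under DocumentRoot
// Constructed stand-in for the database: opaque id -> file and the groups allowed to see it.
const ITEMS = [
    'a9f3k2m1' => ['file' => 'data1/item_1/data.txt', 'groups' => ['Guest', 'Manager', 'Admin']],
    'kl23j42i' => ['file' => 'data2/item_2/data.txt', 'groups' => ['Manager', 'Admin']],
];

// An item is visible when the user belongs to at least one of its allowed groups.
function canAccess(array $item, array $userGroups): bool
{
    return count(array_intersect($item['groups'], $userGroups)) > 0;
}

// Index page: list only what this user may see, so nothing hints that items are hidden.
function visibleItems(array $items, array $userGroups): array
{
    return array_filter($items, fn(array $item): bool => canAccess($item, $userGroups));
}

// Map the opaque id from the URL to a file, refusing ids not in the table and any
// stored path that resolves outside PRIVATE_DIR (guards against traversal).
function resolvePath(string $id, array $items): ?string
{
    if (!preg_match('/^[a-z0-9]{8}$/', $id) || !isset($items[$id])) {
        return null;
    }
    $base = realpath(PRIVATE_DIR);
    $path = realpath(PRIVATE_DIR . '/' . $items[$id]['file']);
    return ($base !== false && $path !== false && strpos($path, $base . '/') === 0) ? $path : null;
}

// Gate: unknown and forbidden ids both get the same 404, so guessing names reveals nothing.
function serveItem(string $id, array $userGroups, array $items): void
{
    $path = resolvePath($id, $items);
    if ($path === null || !canAccess($items[$id], $userGroups)) {
        http_response_code(404);
        exit('Not found');
    }
    header('Content-Type: ' . (mime_content_type($path) ?: 'application/octet-stream'));
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    readfile($path); // PHP streams the file; the web server never exposes it directly
}

session_start();
serveItem((string) ($_GET['item'] ?? ''), $_SESSION['groups'] ?? ['Guest'], ITEMS);
```

Because the files are not under the web root, a guessed or leaked path is useless without passing this script, and the 404 for both unknown and forbidden ids stops the random querying Michael was worried about from confirming which names exist.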

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php