[nycphp-talk] protecting download directory in PHP app on Unix box?

Kristina Anderson ka at kacomputerconsulting.com
Wed May 28 19:14:07 EDT 2008


In the case of this project, there will potentially be several hundred 
PDFs but no more than that, at least for the foreseeable future...there 
are about 30 articles or less published per year by this magazine.

So I think one static directory can work for us.

-Kristina

> John Campbell wrote:
> > What is the point of this?  It offers no security -- if one knows the
> > id, then they know $p1 and $p2.   Why not just put it in a folder
> > of the id?
> 
> Because stashing potentially tens of thousands of files into a single 
> directory is an SA nightmare even if you have a filesystem that supports 
> that many nodes in a directory.
> 
> The question wasn't about security.  It was about how to break up an ID 
> into something that could point to a file inside a directory hierarchy. 
> It's not a URL but a file path that the application generates from the 
> user's ID.  Making it harder for the user to guess isn't an issue 
> because the directory would presumably (hopefully) live outside web root.
> 
> 
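
An added example, not code from the thread or its participants: one way to turn a numeric ID into a path inside a directory hierarchy that lives outside the web root, with access decided by the application rather than by the path being hard to guess. The way $p1 and $p2 are derived, the storage path, the function names and the $mayDownload callback are all assumptions of this sketch.

```php
<?php
declare(strict_types=1);

// Assumed storage root outside the web root (hypothetical path).
const STORE_ROOT = '/var/app-data/pdfs';

// Map a numeric ID to a two-level path, e.g. 1234567 -> 67/45/1234567.pdf.
// Deriving $p1/$p2 from the low-order digits is an assumption of this example.
function shardedPath(string $id, string $root = STORE_ROOT): string
{
    // Digits only, so no slash, dot or NUL byte can reach the file path.
    if (preg_match('/\A[1-9][0-9]{0,17}\z/', $id) !== 1) {
        throw new InvalidArgumentException('invalid id');
    }
    $padded = str_pad($id, 4, '0', STR_PAD_LEFT);
    $p1 = substr($padded, -2);     // last two digits
    $p2 = substr($padded, -4, 2);  // the two digits before them
    return sprintf('%s/%s/%s/%s.pdf', rtrim($root, '/'), $p1, $p2, $id);
}

// Stream the PDF for $id. $mayDownload is a hypothetical callback standing in
// for the application's own "may this user fetch this article" check.
function sendPdf(string $id, callable $mayDownload, string $root = STORE_ROOT): void
{
    try {
        $path = shardedPath($id, $root);
    } catch (InvalidArgumentException $e) {
        http_response_code(404);
        return;
    }
    if (!$mayDownload($id)) {
        http_response_code(403);
        return;
    }
    $base = realpath($root);
    $real = realpath($path);
    // Containment check: a symlink in the store must not resolve outside it.
    if ($base === false || $real === false || !is_file($real)
        || strncmp($real, $base . '/', strlen($base) + 1) !== 0) {
        http_response_code(404);
        return;
    }
    header('Content-Type: application/pdf');
    header('Content-Length: ' . filesize($real));
    header('Content-Disposition: attachment; filename="' . $id . '.pdf"');
    readfile($real);
}
```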



