I am trying to create a folder structure like so:

  • Uploaded files
    • a
      • aaron.doe@hotmail.com
    • b
    • c
    • ...all the way to z

one level ABOVE the public web directory. The only unique key (besides the user_id itself) is the user email, since their email is their username, so...

Question: Would people be able to access these directories and get hold of all users' email addresses? How bad of an idea is this? What possible alternatives do you suggest?

Thanks.


Solution

Definitely make sure you use hashes instead of plain-text E-Mail addresses. That is a must.

Other than that, I guess this is as safe (and unsafe) as a solution can be that is based on security through obscurity (i.e. your security relies solely on the fact that nobody knows the URLs - but if they do, they can access them without limitation.) There are many potential holes - a user could bookmark a URL; it could be embedded somewhere on a page; it can be stored in server, browser, and proxy logs...

Other tips

Take a look at the PHP dir function: http://php.net/manual/en/class.dir.php

If you want the folders to be publicly accessible to your users via the web, why put the folders above the web root?

Also, you may consider using some sort of hash for the folder names, 1) because nobody wants their email addresses publicly revealed, and 2) revealing internal user_ids could lead to exploits.

As Pekka just replied; it might be a good idea to hash the email addresses since there's a big chance that the links might be posted to a forum or similar, and the post might then get crawled by an email address crawler. I think that just a simple hash (e.g. md5) of the address would (almost) solve this.

See this thread on how to prevent directory listing, and what to do if the Apache way doesn't work.

Hash the e-mails to use as folder names and put them above the web root.

You can use simple authentication to give access to these files and a PHP file to read them and send them to the browser.
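
The approach in the last answer (hashed folder names above the web root, files served by an authenticated PHP script), as an added example that is not part of the original answers. It uses HMAC-SHA256 with a server-side key rather than a plain hash, so a folder name cannot be recomputed from a guessed address; `UPLOAD_ROOT`, the `UPLOAD_DIR_KEY` environment variable, `$_SESSION['email']` and the `file` parameter are assumptions.

```php
<?php
// Added example: all names and paths below are assumptions, not from the thread.
declare(strict_types=1);

const UPLOAD_ROOT = '/var/www/uploaded_files'; // assumed: one level above the public web directory

// Folder name derived from the e-mail with a keyed hash (HMAC-SHA256).
// Buckets are the first hex character (0-9, a-f) instead of a-z.
function userDir(string $email, string $key): string
{
    $digest = hash_hmac('sha256', strtolower(trim($email)), $key);
    return UPLOAD_ROOT . '/' . $digest[0] . '/' . $digest;
}

// Resolve a requested file name inside the user's folder.
// Returns null if the file is missing or the path leaves the folder.
function resolveUserFile(string $userDir, string $requested): ?string
{
    $base = realpath($userDir);
    $path = realpath($userDir . '/' . basename($requested)); // basename() drops ../ components
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

session_start();
if (!isset($_SESSION['email'])) {   // assumed: set by the login code after authentication
    http_response_code(403);
    exit;
}
$key = getenv('UPLOAD_DIR_KEY');    // assumed: secret stored outside the web root
if ($key === false || $key === '') {
    http_response_code(500);
    exit;
}
$file = resolveUserFile(userDir($_SESSION['email'], $key), (string) ($_GET['file'] ?? ''));
if ($file === null) {
    http_response_code(404);
    exit;
}
// Send as a download so the browser never renders uploaded content inline.
header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($file)));
header('Content-Length: ' . (string) filesize($file));
readfile($file);
```

Because the folder is chosen from the session and never from the URL, knowing or guessing another user's folder name gives no access to it.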

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow