Protecting files and directories on the web
17-06-2021
Question
Mostly we upload things through an upload field in the HTML, which uploads the file to a directory in the application root or elsewhere and stores the path in a database.
If the file is to be uploaded for specific users, then the user can download it from his/her dashboard. Yes, all works fine. But if he knows the URL of a file of another user, he can download it. How can we protect this?
Kindly help me, I am very anxious.
Solution
Perhaps you could send uploaded files to a specific directory. Either upload the files to 1) separate directories for each user, or to 2) separate directories for each user-group/level. Assign a user id or user group level credentials with a login script and check this against the directories.
For example, for each user: Upload files for user123 to directory "user123." Set permissions so that only login credentials with user id as "user123" can access.
For group level: Upload files for any users of the same group (e.g., level 1) to directory "group1." Set permissions so that only login credentials with group level as "1" can access.
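One way to implement the per-user and per-group directory check described in the answer above, as an added example that is not part of the original post. It assumes the upload directory sits outside the web root so files are reachable only through this check; `resolve_download`, the session dictionary layout and the sample file names are hypothetical.

```python
import os
import tempfile
from pathlib import Path


def resolve_download(upload_root, session, owner_dir, filename):
    """Return the real path if the logged-in session may read the file, else None.

    session   -- set by the login script, e.g. {"user_id": "user123", "group": "1"}
    owner_dir -- directory named in the request, e.g. "user123" or "group1"
    """
    # Directories this session is entitled to; empty or missing values grant nothing.
    allowed = set()
    if session.get("user_id"):
        allowed.add(str(session["user_id"]))
    if session.get("group"):
        allowed.add("group" + str(session["group"]))
    if owner_dir not in allowed:
        return None  # knowing another user's URL is not enough

    base = (Path(upload_root) / owner_dir).resolve()
    target = (base / filename).resolve()
    # Reject "../" sequences and symlinks that lead out of the caller's directory.
    if base not in target.parents or not target.is_file():
        return None
    return target


def demo():
    """Run four constructed requests as user123 (group 1) against a sample tree."""
    with tempfile.TemporaryDirectory() as root:
        for d, f in [("user123", "invoice.pdf"), ("user456", "secret.pdf"),
                     ("group1", "handbook.pdf")]:
            os.makedirs(os.path.join(root, d))
            Path(root, d, f).write_text("constructed sample")
        session = {"user_id": "user123", "group": "1"}
        requests = [("user123", "invoice.pdf"),            # own file
                    ("user456", "secret.pdf"),             # another user's file
                    ("user123", "../user456/secret.pdf"),  # traversal attempt
                    ("group1", "handbook.pdf")]            # own group's file
        return [resolve_download(root, session, d, f) is not None
                for d, f in requests]


if __name__ == "__main__":
    print(demo())
```

The download handler would stream the returned path to the client and answer with a 403 or 404 when the function returns `None`.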