在Web服务器中存储文件的安全方法？-Securewaytostorefilesinwebserver?

23  

Don't store them in a database. Put them in your web directory and secure them using .htaccess.

不要将它们存储在数据库中。将它们放在您的web目录中并使用.htaccess保护它们。

If you want to authenticate via other means, then store the files in a directory that isn't web-accessible but is readable by the user php runs as.

如果您想通过其他方式进行身份验证，请将文件存储在一个不可通过Web访问但可由用户运行的目录中运行。

5  

A few options come to mind.

我想到了一些选择。

If you are using Apache you can use htaccess to password protect directories. (first googled link : http://www.Javascriptkit.com/howto/htaccess3.shtml)

如果您使用的是Apache，则可以使用htaccess来保护目录。 （第一个用Google搜索链接：http：//www.Javascriptkit.com/howto/htaccess3.shtml）

or Store the files above the web server. Create a script in php that will allow authorised users to access them.

或将文件存储在Web服务器上方。在php中创建一个脚本，允许授权用户访问它们。

If you want to do it Via FTP, and you are running cpanel you may be able to create new ftp accounts. check yourdomain.com/cpanel to determine if you have it installed.

如果您想通过FTP进行操作，并且您正在运行cpanel，则可以创建新的ftp帐户。检查yourdomain.com/cpanel以确定您是否安装了它。

4  

Storing files in DB is very bad practice. Very good practice to store only information about file. Name, extension. Files save on server like $id.$ext. It will be a good architecture. And when user download file, he take file with name in DB.
Sorry for my english.

在DB中存储文件是非常糟糕的做法。非常好的做法，只存储有关文件的信息。姓名，延期。文件保存在服务器上，如$ id。$ ext。这将是一个很好的架构。当用户下载文件时，他在DB中获取名称文件。对不起我的英语不好。

1  

Downloadable files can be stored in htaccess protected folder/s. A script like the one below can be used to generate dynamic links for downloadable files.

可下载的文件可以存储在受htaccess保护的文件夹中。可以使用下面的脚本为可下载文件生成动态链接。

for ex. Secure download links. http://codecanyon.net/item/secure-download-links/309295

对于前安全的下载链接。 http://codecanyon.net/item/secure-download-links/309295

1  

Discussion

If you opt to keep high value downloadable content files directly on the filesystem, the best thing to do is to keep them outside of the webroot. Then, your application will have to solve the problem of creating URLs (url encoding when necessary) for content (PDF's, Word Docs, Songs, etc..).

如果您选择将高价值可下载内容文件直接保存在文件系统上，最好的办法是将它们保留在webroot之外。然后，您的应用程序将必须解决为内容（PDF，Word Docs，歌曲等）创建URL（必要时的URL编码）的问题。

Generally, this can be achieved by using a query to retrieve the file path, then using the file path to send content to the user (with header() etc ..) when he or she clicks on an anchor (all of this without the user ever seeing the true, server side file path).

通常，这可以通过使用查询来检索文件路径，然后使用文件路径向用户发送内容（带有header（）等等）来实现，当他或她点击一个锚点时（所有这些都没有用户看到真正的服务器端文件路径）。

If you do not want user A sharing URLs for high value downloadable content to user B, then your application must somehow make the links exclusively tied to user A. What can be done? Where should I start?

如果您不希望用户A为用户B共享高价值可下载内容的URL，那么您的应用程序必须以某种方式使链接专门与用户A相关联。可以做什么？我应该从哪里开始？

Obviously, you want to make sure user A is logged in during a session before he or she can download a file. What is not so obvious is how to prevent a logged in user B from using a URL sent from user A (to user B) to download A's digital content.

显然，您希望确保用户A在会话期间登录，然后才能下载文件。不太明显的是如何防止登录用户B使用从用户A（到用户B）发送的URL来下载A的数字内容。

Using $_SESSION to store the logged in user's ID (numerical, or string) and making that part of the eventual query (assuming content is tied to user purchases or something) will prevent a logged in user B from downloading things they have not purchased, but you will still incur the resource hit for processing the SQL empty set for items they have not purchased. This sounds like a good step two.

使用$ _SESSION存储登录用户的ID（数字或字符串）并进行最终查询的那部分（假设内容与用户购买或其他内容相关联）将阻止登录用户B下载他们尚未购买的内容，但是，对于他们尚未购买的商品处理SQL空集，您仍会遇到资源问题。这听起来是一个很好的第二步。

What about step one? Is there something that can prevent the need to do a query to begin with?

第一步怎么样？有什么东西可以阻止开始查询的需要吗？

Well, let us see. In HTML forms, one might use a XSRF token in a hidden field to verify that a submitted form actually originated from the web server that receives the POST/GET request. One token is used for the entire form.

好吧，让我们看看。在HTML表单中，可以在隐藏字段中使用XSRF令牌来验证提交的表单是否实际来自接收POST / GET请求的Web服务器。一个标记用于整个表单。

Given a page of user specific things to download (anchors), one could embed a single token (the same token, but different per page request) into each anchor's href attribute in the form of a query string parameter and store a copy of this token in $_SESSION.

给定一个用户特定要下载的页面（锚点），可以以查询字符串参数的形式将单个令牌（相同的令牌，但每页请求不同）嵌入到每个锚点的href属性中，并存储此令牌的副本在$ _SESSION中。

Now, when a logged in user B attempts to use a logged in user A's shared URL, the whole thing fails because user A and user B have different sessions (or, no session at all), and thus different tokens. In other words, "My link is the same as yours, but different." Anchors would be tied to the session, not just to the page, user, or content.

现在，当登录用户B尝试使用登录用户A的共享URL时，整个操作失败，因为用户A和用户B具有不同的会话（或者根本没有会话），因此具有不同的令牌。换句话说，“我的链接与你的相同，但不同。”锚点将与会话绑定，而不仅仅与页面，用户或内容绑定。

With that system in place, PHP can determine if a request for content is valid without getting the database involved (by comparing the submitted token to the one in $_SESSION). What is more, a time limit can be established in $_SESSION to limit the duration/lifetime of a valid XSRF token. Just use the time() function and basic math. Sixty minutes might be an ideal token lifetime for an anchor in this situation. Have the user login again if the token for a clicked anchor has expired.

有了这个系统，PHP可以确定内容请求是否有效而不涉及数据库（通过将提交的令牌与$ _SESSION中的令牌进行比较）。更重要的是，可以在$ _SESSION中建立时间限制，以限制有效XSRF令牌的持续时间/生命周期。只需使用time（）函数和基本数学。在这种情况下，60分钟可能是锚的理想标记生命周期。如果单击锚点的令牌已过期，请让用户再次登录。

Summary

If you use files on a filesystem and store the paths in the database, make sure you do the following (at minimum), too.

如果您在文件系统上使用文件并将路径存储在数据库中，请确保您也执行以下操作（至少）。

1. Apply proper file permissions to your content directory (outside of webroot).
2. 将适当的文件权限应用于您的内容目录（在webroot之外）。
3. Use random names for uploaded files.
4. 对上传的文件使用随机名称。
5. Check for duplicate file names before saving a file from an upload.
6. 在保存上载文件之前，请检查重复的文件名。
7. Only logged in users should be able to download high value content.
8. 只有登录用户才能下载高价值内容。
9. Have an effective $_SESSION system that deters session fixation.
10. 有一个有效的$ _SESSION系统，可以阻止会话固定。
11. Make URLs for high value downloadable content are unique per page by using hashed XSRF tokens.
12. 通过使用散列XSRF令牌，使每页的高价值可下载内容的URL是唯一的。
13. XSRF tokens cover more scenarios when they have a terminal life time.
14. 当XSRF令牌具有终端生命周期时，它们涵盖了更多场景。
15. Make SQL queries for user content based on the logged in user's ID, not the product exclusively.
16. 根据登录用户的ID而不是产品专用，对用户内容进行SQL查询。
17. Filter and validate all user input.
18. 过滤并验证所有用户输入。
19. Use prepared statements with SQL queries.
20. 使用带有SQL查询的预准备语句。

0  

The best way is to store the file reference in Database. The file itself will be stored in the server filesystem. The complexity of this is making sure there is reference integrity between the database file reference and the existing file in the server filesystem. Some database such as sql server 2008 have feature that maintain the integrity of the file references to the actual file itself.

最好的方法是将文件引用存储在数据库中。文件本身将存储在服务器文件系统中。这种复杂性确保了数据库文件引用与服务器文件系统中现有文件之间存在引用完整性。某些数据库（如sql server 2008）具有维护对实际文件本身的文件引用的完整性的功能。

Other than that securing the file itself in the server depends on the OS where permissions can be configured to the specific folder where the file reside.

除了在服务器中保护文件本身之外，还取决于可以将权限配置到文件所在的特定文件夹的操作系统。

0  

If the files are purely static you could use read-only or WORM media to store the data files or indeed run the complete web server from a "LiveCD". It's certainly not suited to everyone's needs but for limited cases where the integrity of the data is paramount it works.

如果文件是纯静态的，您可以使用只读或WORM介质来存储数据文件，或者实际上从“LiveCD”运行完整的Web服务器。它当然不适合每个人的需求，但对于有限的情况，数据的完整性至关重要。