开发者

Hiding, or obfuscating the url path to files

开发者 https://www.devze.com 2023-02-07 04:49 出处:网络
I\'m allowing users to upload .jpg, .pdf .doc .xls files to my webserver under their own account, then they can later click on the filename to view the document in a browser, or on the case of .doc .x

I'm allowing users to upload .jpg, .pdf .doc .xls files to my webserver under their own account, then they can later click on the filename to view the document in a browser, or on the case of .doc .xls, they download it via the default browser prompt.

I'm wanting to hide开发者_运维技巧/obfuscate the url path so they don't know the exact path to get to the file, hoping to keep the files secure from other accounts/users.

I'm using php, apache

Here's and example path:

http://dev.site.com/administrator/account_files/1/documents/property_docs/1_68_1295980609myfile.pdf

How could I hide the url to something more like:

http://dev.site.com/1_68_1295980609myfile.pdf

the main purpose is to remove the reference to "administrator/account_files/...."

Is there something with apache's mod_rewrite that I could do? I've read a few other posts where people used php's readfile() and used a different page, but I'm wondering if I'll have some performance problems with doing it this way.

Thanks for your advice.


It might cost you some performance, but it will probably not give any real problems when you use readfile. It's not much overhead. The file must be read anyway, so it's just a little overhead of running the PHP script.

I you do this, you can even choose to store the file in a folder outside your web root, or in a folder that is password protected by .htaccess. Both techniques won't keep readfile from reading the file, so both are good ways to really block the actual file from being read outside.


You should force PHP to download that file:

<?php
$file = 'path/to/your/file.zip';
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=$file");
header("Content-Type: application/zip"); // change to a specific mime type
header("Content-Transfer-Encoding: binary");


You'd need to create a table in order to read and store the paths. For example, look at how sites like http://bit.ly work; essentially they assign a unique string to a URL and that's what you're looking to do.

There are a number of PHP scripts that can shorten URLs for you and thus mask the paths, just do a Google search.

0

精彩评论

暂无评论...
验证码 换一张
取 消