堆栈内存溢出
  简体   繁体   English

将pdf文件安全地存储在服务器上

[英]storing pdf files on server securely

 原文  2013-09-28 10:34:21       php/ mysql/ pdf/ encryption/ payment

问题描述

I am deploying a website from where user can purchase the pdfs. 我正在部署一个网站,用户可以从该网站购买pdf。 now i am searching for the way for storing the pdfs so that it only can be downloaded when payment is done. 现在,我正在寻找存储pdfs的方法,以便仅在付款后才能下载。 I have came across one way in which i can store the pdfs in to the Mysql database and generate the path to it when required credentials fulfill. 我遇到了一种方法,可以将pdfs存储到Mysql数据库中,并在满足所需凭据时生成到它的路径。

Is there any other way to do this and link to the pdf file should be dynamic and encrypted so that other links to the other books can't be predicted. 还有其他方法可以做到,指向pdf文件的链接应该是动态的和加密的,以便无法预测到其他书籍的其他链接。

and the server side language I am using is PHP 我使用的服务器端语言是PHP

3 个解决方案

解决方案1
 2  2013-09-28 10:42:24

I would : 我会 :

  • Deny any access to the files -- ie use a .htaccess file (That way, no-one has access to the file) 拒绝对文件的任何访问-即使用.htaccess文件(这样,没有人可以访问该文件)

  • Develop a PHP script that would : 开发一个PHP脚本,该脚本将:

    • receive a file identifier (a file name, for instance ; or some identifier that can correspond to the file) 接收文件标识符(例如,文件名;或一些可以对应于该文件的标识符)
    • authenticate the users (with some login/password fields), against the data stored in the database if the user is valid, and has access to the file (This is if different users don't have access to the same set of files), read the content of the file from your PHP script, and send it the the user. 如果用户有效并且可以访问文件(这是如果不同的用户不能访问同一组文件),则使用数据库中存储的数据对用户(具有一些登录名/密码字段)进行身份验证,从您的PHP脚本中读取文件的内容,并将其发送给用户。

The advantage is that your PHP script has access to the DB -- which means it can allow users to log-in, log-out, it can use sessions, ... 优点是您的PHP脚本可以访问数据库-这意味着它可以允许用户登录,注销,可以使用会话,...

Here is another answer from a stack user that fits this problem: Creating a Secure File Hosting Server for PDFs 这是适合该问题的堆栈用户的另一个答案: 为PDF创建安全文件托管服务器

解决方案2
 2 已采纳  2013-09-28 10:48:54

  1. You need to store the files somewhere outside your website root like mentioned by Dagon. 您需要将文件存储在网站根目录之外的某处,如Dagon所述。 When file is uploaded use move_uploaded_file to move it. 上传文件后,请使用move_uploaded_file进行移动。 You can name the file anything you want (within OS limits) and keep the real name in the database. 您可以为文件命名任何所需的名称(在OS限制内),并将真实名称保留在数据库中。
  2. Then when the user has payed for the books, add the books the user has payed for to a table in a db. 然后,当用户付款后,将用户付款的书添加到数据库中的表中。
  3. Give the user a list of all the books he has payed for like: /download/filename.pdf 向用户提供他已支付的所有书籍的清单,例如:/download/filename.pdf
  4. Add a mod_rewrite if you use Apache (or equivalent for other web servers) where /download/.* is redirected to download.php or a controller. 如果使用Apache(或其他Web服务器的等效服务器)将/download/.*重定向到download.php或控制器,则添加一个mod_rewrite。
  5. On the download page, check if user is logged in and has access to the file. 在下载页面上,检查用户是否已登录并有权访问该文件。 If not, redirect to purchase page for that book. 如果没有,请重定向到该书的购买页面。
  6. If download is ok set header for the http status you need: Content-Length, Content-Type, Date, Status (200), maybe Content-Encoding. 如果可以下载,请为http状态设置标题 :Content-Length,Content-Type,Date,Status(200),也许是Content-Encoding。
  7. Use readfile to output the file to the end user. 使用readfile将文件输出给最终用户。

解决方案3
 2  2013-09-28 11:22:44

is there any other way to do this and link to the pdf file should be dynamic and encrypted so that other links to the other books can't be predicted. 还有其他方法可以做到这一点,并且指向pdf文件的链接应该是动态的和加密的,以便无法预测到其他书籍的其他链接。

  1. The best way, is after payment generate a key to the file. 最好的方法是付款后生成文件密钥。
  2. create a page like this www.site.com/download.php?key=key (and here you don't need to have id of the book, because by the key you can check on the database what is the book the customer purchased . 创建一个类似www.site.com/download.php?key=key的页面(这里您不需要书的ID,因为通过该键,您可以在数据库上检查客户购买的书是什么)
  3. inside the download.php read the key, query the database to find which file is linked with the key 在download.php内读取密钥,查询数据库以查找与密钥链接的文件
  4. read the file, and send it to the customer. 读取文件,并将其发送给客户。 This is, if the key is valid, you will send the php headers as content type as being pdf, and (the php code) read the file in binary and send it in the message body. 也就是说,如果密钥有效,您将以pdf形式发送php标头作为内容类型,并且(php代码)以二进制形式读取文件并将其发送到消息正文中。

I hope this code helps 我希望这段代码对您有所帮助 

<?php
// We'll be outputting a PDF
header('Content-type: application/pdf');

// It will be called downloaded.pdf
header('Content-Disposition: attachment; filename="downloaded.pdf"');

// The PDF source is in original.pdf
readfile('original.pdf');
?>

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用PHP / MySQL安全地存储和提供用户文件 - Storing and serving user files securely with PHP/MySQL 在Zend Framework 1.11中安全地存储用户文件 - Storing user files securely in Zend Framework 1.11 在服务器上安全存储敏感图像-PHP / Ubuntu - Securely Storing Sensitive Images on Server - PHP/Ubuntu 如何在服务器上安全地存储文件 - How to securely store files on a server 如何安全地存储SQL Server Apache服务器 - How to securely store sql files apache server 安全地存储Android应用程序内的服务器URL链接 - Storing the server URL link inside android application securely 将上传的文件存储在服务器上 - Storing uploaded files on the server 安全地存储私人图像 - Securely storing private images 安全地存储脚本 - Storing Scripts Securely 安全地存储数据 - Securely storing data
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM