如何防止访问PHP中的某些文件?
[英]How to prevent access to some files in PHP?
问题描述
I have a multi tenant PHP webapp which generates PDFs to be downloaded by the users. 
我有一个多租户PHP Webapp,它生成要由用户下载的PDF。 The PDFs are easily accessible via URL so users can preview or download them. 可通过URL轻松访问PDF,因此用户可以预览或下载它们。
This is the schema of the URL 这是URL的架构
http://<mywebappaddress>.com/downloads/pdf_<userid>_<date>.pdf
The webapp lets the users access only their PDFs, however users could have a look at the URL, change the userid (guessing another user id maybe) and donwload PDFs from other users. 网络应用程序仅允许用户访问其PDF,但是用户可以查看URL,更改用户ID(可能会猜测另一个用户ID)并从其他用户下载PDF。
What's the best approach in PHP to prevent that? PHP中防止这种情况的最佳方法是什么?
1 个解决方案
解决方案1
1 已采纳 2017-02-18 09:40:21
There are many ways to prevent this 有很多方法可以防止这种情况
Encrypt pdf file name and store in database with user_id, and provide the name only to allowed user.
加密pdf文件名并使用user_id存储在数据库中,并且仅将名称提供给允许的用户。 You could store all pdf files other than your serve like
Amazon Simple Storage Service (Amazon S3)您可以存储服务以外的所有pdf文件,例如Amazon Simple Storage Service (Amazon S3)
First option is free 首选免费
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.