I am developing a web application for my client using Code Igniter and i need to hide and secure some ZIP, JPG and PDF files on server so that they are not accessible by non users. Only people who are logged in and are the owners of Files can access the files. This is very similar to secure file sharing websites.
it is very similar to any paid file sharing site like only people who paid for files can download files. In my case only those who have uploaded and who shared the files with other can download files.
Please tell me how can i do this..
Thanks
Sajid
One method is to keep the files above the web root (so not publicly accessible) and have the link to them point to a function that will check if logged in (or other parameters you want) and if everything is OK, then serve the file(s).
Related
I have a special web page for members.
I am publishing with IIS 10 on Windows server 2016.
Through the website, members upload their private documents to the site.
For example:
http://mywebpage.com/upload/xuser/a.jpg
http://mywebpage.com/upload/xuser/b.pdf
http://mywebpage.com/upload/yuser/c.pdf
http://mywebpage.com/upload/yuser/abc/d.pdf
I use these files in html tags with classic asp. For example;
<a href='http://mywebpage.com/upload/yuser/c.pdf'>yuser transcript</a>
<h1>Profile</h1><img src='http://mywebpage.com/upload/xuser/a.jpg'/>
But I want these files to be accessible only by *.asp files under "http://mywebpage.com".
The possibility that users can access it by typing the link directly into the address bar annoys me very much.
For this, I used the following ways. But I still don't feel safe.
Disallow all files in /upload/ directory with robots.txt.
Prevent browsing to /upload/ with web.config.
Using a complex directory name and complex filenames with the user id and not the yuser. /upload/ASDASD12djd829D2/DUJA811220.jpg
But these are still not the solution I want. Is it possible to say that no one can read these static files except just http://mywebpage.com/*.asp pages? What path should I follow?
I have a Laravel 5 project in which I am uploading files in database in Medium Blob format.
But uploading files in database takes some extra time to execute.
Uploading files in database is a secured way to keep files safe from crawlers or some bots.
I have tried to Upload files to the Public folder. But the crawlers can open these files.
Is there any possible way to upload files in the file system?
So that the Crawlers cannot open these files.
I want these files to be Secured
you can upload them outside of the public scope. For example, storage/ folder is a good place. Also, you can grab them using the file system manager. Take a look:
$image = \Storage::get('file.jpg');
Edit
A correct laravel installation just allow the content of public/ to be accesible via web browser. If other directories as storage/ or resources/ are public too, then you installation is really incorrect.
Said that, once you upload the files in storage/ folder nobody can access them except by you using the \Storage facade. When you call for example \Storage::get('file.jpg'); it returns an stream of bits that you can allocate them in a temporary folder and then display it in the webside. Once the request has finished, the image will disappear again from public domain.
No need to change the directory this can be achieved by two ways
LazyOne Answer using .htaccess
AND
Using robots.txt
I will suggest to implement both .htaccess and robots.txt as some cheap crawlers ignore robots.txt but they can't ignore .htaccess
You can follow this method
image-accessibility-for-authenticated-users-only
As this only allows authorized uses to view image
I want to update my app's database with dropbox.
It should download some files and db file located in specific folder in my Dropbox account.
The algorithm is something like this:
1. App makes request to shared folder and downloads db by specified name(like myapp.db)
2. App reads db, get list of file to download and looking for them in shared folder
3. App downloads this files from shared folder
Is it possible? I don't want to show any authentication requests to user, and actually user can't be authenticated since he just get access to shared folder in my account.
Can I do this with Dropbox API?
platform is os x
You don't need to use the Dropbox API to do this. Just put the public URL for myapp.db into the app, and in myapp.db put all the URLs of the files. Then you're not even tied to Dropbox, since all you need is public URLs. Note that Dropbox has bandwidth limits, so if this is a heavily-used app, you might want to put these on a more appropriate host like S3. Using direct URLs gives you the flexibility to change hosts in the future.
I developed a software and uploaded it on my site (my site is on .net 4 and mvc3), when users register on my site can see download link and download my application.
now question is that how can i private that user without registering can download my application when the found download location in my host.
they can download application by entering download address in browsers URL.
I want to know how the file sharing servers works, for example you can not enter file address in your browser and download file.
What ways are available for this case?
You should allow the user to download the file through a controller action and you should disable accessing the folder (where the download file exists) directly through browser in IIS.
This blog post will help you.
I am using Wordpress and Easy Digital Download plugin to sell digital files.
I have the following how-to questions:
How to avoid a user to see or to use direct download link?
How to create a download link that has an expiration like session?
How to secure a wp-contents/uploads folder?
You might be interested in this:
deny direct access to a folder and file by htaccess
simply put a .htaccess file with the content "deny from all" in the folder.
Then only scripts from your webspace should be able to read files from there.
This should be a first step. You would need a php-file serving the data instead of accessing those files directly.
Eg like this: http://www.kavoir.com/2009/05/php-hide-the-real-file-url-and-provide-download-via-a-php-script.html
(as I am not aware of wordpress plugins, maybe just google for them, this explains how to write those in php - if you cant do that youre pretty much stuck to wordpress plugins)
Nah, Nah, Nah... It's easy man update your plugin, and check your settings...
Step 2. You will see in you plugin settings, that it has 24 hours expiration date download link in forwarded email
"WP Secure Links" is WordPress plugin at codecanyon that lets you create a secure link to downloadable files.
http://codecanyon.net/item/wp-secure-links/4418678
http://sixthlife.net/product/wp-secure-links/
for securing the uploads folder needs some good .htaccess work
check the comments section of this, its explained
Still relevant in 2020 so I have written a small plugin that enables secure and temporary downloads in Wordpress:
WP DISPATCHER
It is free and simple. Check it out :)