WebApp Sec mailing list archives
Re: Securing file access
From: "Jason Merriman" <jasonmerriman11 () aol com>
Date: Wed, 29 Sep 2004 09:47:05 -0400
You could have the script create a temporary link to the file with a random filename, i.e.:

ln -s <source file> 123456789randomcharacters.ext

Then, redirect the user to the temporary link (which, if you use enough random characters, nobody should be able to guess), and have a scavenger program run every few minutes or so to delete any links that are older than a few minutes.

J. Saphyr wrote on 9/28/2004, 2:15 AM:
guess a file name to download). In order to access the files, the database would link a file to a unique id, so a page that validates the user would then give access to the file stored outside of the www on the server. Now, this is where the real question lies. How is this possible since the files are not in a www accessible path, since a mere link to a file won't do. Any thoughts would be welcome.

Hi there. According to your file sizes, could you consider using binary fields in your database?

.antoine
------------oOoo---Ôô----ooOo---------------------------
Antonio FONTES (well, me, actually)
http://www.nxtg.net/saphyr/ (everything and nothing, in French)
http://www.nxtg.net/is/ (blog - web developer)
E-mail: prenom.nom () mondomaine net
-------------------------------------------------------------
--
----------------------------------------------------
Jason Merriman
Systems Administrator, America Online
aim: jasonmerriman11
----------------------------------------------------
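
The temporary-link approach described in the message above, as an added example that is not part of the original post: a Python version that draws the link name from the OS CSPRNG, refuses sources outside the protected store, and expires links by the link's own mtime. The function names, directory layout and 300-second lifetime are assumptions.

```python
import os
import secrets
import tempfile
import time
from pathlib import Path

MAX_AGE_SECONDS = 300  # assumption: stands in for "a few minutes"


def create_temp_link(source, store_dir, link_dir):
    """Symlink a protected file under an unguessable name; return the link name."""
    store = Path(store_dir).resolve()
    src = Path(source).resolve()
    # Refuse anything outside the protected store (e.g. "../" in a stored path).
    if store not in src.parents or not src.is_file():
        raise ValueError("source is not a file inside the protected store")
    # 32 bytes from the OS CSPRNG; keep the extension so the MIME type is right.
    name = secrets.token_urlsafe(32) + src.suffix
    os.symlink(src, Path(link_dir) / name)
    return name


def scavenge(link_dir, max_age=MAX_AGE_SECONDS, now=None):
    """Delete symlinks older than max_age seconds; return the names removed."""
    now = time.time() if now is None else now
    removed = []
    for entry in os.scandir(link_dir):
        # follow_symlinks=False reads the link's own mtime, not the target's.
        age = now - entry.stat(follow_symlinks=False).st_mtime
        if entry.is_symlink() and age > max_age:
            os.unlink(entry.path)
            removed.append(entry.name)
    return removed


def demo():
    """Constructed sample: one protected file, one link, two scavenger passes."""
    with tempfile.TemporaryDirectory() as root:
        store, links = Path(root, "store"), Path(root, "www", "dl")
        store.mkdir()
        links.mkdir(parents=True)
        (store / "report.pdf").write_bytes(b"constructed sample")
        name = create_temp_link(store / "report.pdf", store, links)
        kept = scavenge(links)                         # fresh link survives
        gone = scavenge(links, now=time.time() + 600)  # simulated 10 minutes later
        return name, kept, gone


if __name__ == "__main__":
    print(demo())
```

The link directory has to be served with symlink following enabled and directory listing disabled, otherwise the random name protects nothing.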