I am storing files in a folder on my Apache server. The files should only be accessible to those who are logged in and are in a directory that is not public knowledge.

I have set the permissions of the directory to 700 and the files are 700. The way they get the files is that a script opens up the files and then gives them to the users.

What I want to know is, is it possible for unauthorised users to find out the directory that the files are in? And is it possible for them to get hold of them? Also, what dangers should I be careful of when storing sensitive files in a directory like this?

Thanks in advance.

Apache htaccess might help you with general auth to your folders. Another option might be to store the files in a database and display them via database user permissions.

HTH,
vark
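
An added example, not from either poster: one way the gate script described in the question could refuse requests that are not logged in or that point outside the private directory, so a hidden path is not the only protection. The thread does not show the script or its language, so Python and the names `resolve_download`, `AccessDenied` and `demo` are assumptions, and the files are constructed samples.

```python
import os
import tempfile


class AccessDenied(Exception):
    """Raised when a request must not be served."""


def resolve_download(private_dir, requested_name, logged_in):
    """Return the real path of a file inside private_dir, or raise AccessDenied."""
    if not logged_in:
        raise AccessDenied("not logged in")
    base = os.path.realpath(private_dir)
    # realpath collapses "../" and follows symlinks before the containment check.
    target = os.path.realpath(os.path.join(base, requested_name))
    if os.path.commonpath([base, target]) != base:
        raise AccessDenied("path escapes the private directory")
    if not os.path.isfile(target):
        raise AccessDenied("no such file")
    return target


def demo():
    """Run the check over constructed requests and return one outcome per case."""
    outcomes = []
    with tempfile.TemporaryDirectory() as root:
        private = os.path.join(root, "private")
        os.mkdir(private, 0o700)  # same mode as in the question
        with open(os.path.join(private, "report.pdf"), "w") as fh:
            fh.write("constructed sample")
        outside = os.path.join(root, "secret.txt")
        with open(outside, "w") as fh:
            fh.write("outside the private directory")
        cases = [("report.pdf", True), ("report.pdf", False),
                 ("../secret.txt", True), (outside, True), ("missing.pdf", True)]
        for name, logged_in in cases:
            try:
                resolve_download(private, name, logged_in)
                outcomes.append("served")
            except AccessDenied as exc:
                outcomes.append(str(exc))
    return outcomes


if __name__ == "__main__":
    for line in demo():
        print(line)
```
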
