MySQL file storage

Anonymous

Guest
Hi all,

I am trying to store files and images inside of MySQL and I have different feedback regarding this. Some say yes and some say bad.

Well, if I store those files or pictures in the file system, then how can I make the files secure?
Hmm... any advice would be greatly appreciated.


regards
 
.htaccess would be fine for a public folder - either a simple order allow,deny or a mod_rewrite rule to send bad referers elsewhere.

the alternative is to use a getter script and check either the referer or a session (session being a tad better as not all browsers send a referer header) - see fetching images thread for a simple getter script - just add

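if (!empty($_SESSION['allow_images'])) // empty() also covers the case where the flag was never set
{
    // get (the getter script's existing fetch-and-output code goes here)
}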

and instantiate a session var named 'allow_images' in the calling pages.
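
A getter script of the kind described in the post above, written out as an added example (not code from this thread or from the linked getter script): it checks the session flag and serves only plain file names that resolve inside a private directory kept outside the document root. The path /home/example/private_files, the `file` query parameter and the function name resolve_private_file are assumptions.

```php
<?php
// getter.php - added example, not code from the thread.
// Assumed: files live in PRIVATE_DIR outside the document root, and the
// calling page sets $_SESSION['allow_images'] = true after its own checks.
const PRIVATE_DIR = '/home/example/private_files'; // hypothetical path

// Map a requested name to a real file inside $baseDir, or return null.
function resolve_private_file(string $baseDir, string $name): ?string
{
    // Accept a plain file name only: no directory parts, no NUL bytes.
    if ($name === '' || $name !== basename($name) || strpos($name, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // realpath() resolves symlinks and "..", so confirm the result is still under $base.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

session_start();
if (empty($_SESSION['allow_images'])) {
    http_response_code(403);
    exit('Forbidden');
}

// Ignore array-valued parameters such as ?file[]=x.
$name = is_string($_GET['file'] ?? null) ? $_GET['file'] : '';
$path = resolve_private_file(PRIVATE_DIR, $name);
if ($path === null) {
    http_response_code(404);
    exit('Not found');
}

// Send the detected type; nosniff stops the browser from second-guessing it.
$type = mime_content_type($path) ?: 'application/octet-stream';
header('Content-Type: ' . $type);
header('X-Content-Type-Options: nosniff');
header('Content-Length: ' . filesize($path));
readfile($path);
```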
 
xyoon said:
Well, if I store those files or pictures in the file system, then how can I make the files secure?

Why do you assume that storing them in a database is inherently more secure?
 
Hi,

Thank you very much for your reply.

Let's say I have a file data.xml in the main directory.
How can I stop a user from typing http://www.mydomain.com/data.xml and gaining access to the file?

This is one of my major concerns, and if we store it in a database, then access to all these files is controlled by the script.

Hope to hear your suggestions.
Thank you.



regards
 
With a rather simple .htaccess file, you can tell the server not to serve files of a particular type or specific files.

Unfortunately, I'm no Apache whiz, but here are some pages that might be of interest:

<FilesMatch> directive:
http://httpd.apache.org/docs/mod/core.html#filesmatch

Order, Allow, and Deny:
http://httpd.apache.org/docs/mod/mod_access.html

Here are some pages that are relevant:
http://www.ibiblio.org/mdw/HOWTO/Secure-Programs-HOWTO/prevent-include-access.html
http://forums.devshed.com/t8908/s.html

Both of them mention .inc files, but the same could apply for files with any extension.

Of course, if you don't want to mess about with .htaccess, the best way to keep prying eyes off of your files is to put them outside the document root.
 
Hi swirlee,

Thanks for your reply, but I am not hosting my site on my own server so I don't think I am able to change any server setting...
:(

What about the getter script thing that pootergeist suggested above?
I am not entirely clear about that, but if it does not require any server setting changes, then I think I will look into it.


regards
 
xyoon said:
Thanks for your reply, but I am not hosting my site on my own server so I don't think I am able to change any server setting...

Using .htaccess doesn't require you to change any server settings, but your server may be configured to ignore your .htaccess files. It's worth looking into.
 
If your data.xml file is being read in by a script, you can put the file beneath the public_html file. Anything you do not want people to directly access, put in your home dir named includes.
 
Redcircle said:
If your data.xml file is being read in by a script, you can put the file beneath the public_html file. Anything you do not want people to directly access, put in your home dir named includes.
It means that your script may use any file in any dir, if you know what the dir is and what the file is.
Heh...... a field for hacking.....
Does anybody know who Kevin Mitnick is?

Actually, you may give permissions to a file (why Unix is better than Windows), for example for run and read or for listing files, and no one can run or view the file :!: see man chown and man chmod
 
swirlee is right! You need to manage it with Apache directives, but you need to know how!
 
Thanks for all your replies.
Swirlee, do you know if there is any good tutorial on how to deal with the .htaccess file? I am not too sure how. Thanks.

Kevin Mitnick? Isn't he that genius hacker? I heard that from my friend. I think he even has a book published if I am not mistaken.
 
http://www.google.com/search?sourceid=navclient&q=%2Ehtaccess+manual
 