This is a discussion on Password protected folders implementation question within the Apache Web Server forums, part of the Web Server and Related Forums category.
Hi,

I'm new to Apache and testing it offline. The website that I'm building lets registered users create files and then download them.

It would be a great help to me if someone could tell me whether I'm going the wrong way to secure access to some folders.

The data are stored with a structure like:

/somefolder/archives/user1/tool1/session1/dxf/dxf1.zip
/somefolder/archives/user1/tool1/session2/dxf/dxf2.zip
/somefolder/archives/user1/tool1/session2/shp/shp1.zip
/somefolder/archives/user1/tool1/session3/jpg/jpg1.zip
/somefolder/archives/user1/tool2/session4/png/image.png

Of course, the real folder names are different.

When files are created, dynamically written download links point directly to them. (I'll most probably use some Alias to the archives folder.)

I would like the user data to be downloadable only by their owner, but the authentication should be asked once and not every time a user clicks a download link, as many products can be created 'one-shot'.
Moreover, a user should be allowed to open his folder and browse it to find data he created in the past. This is why the main folder name is "archives".
For example, user1 should be able to open his "user1" folder thanks to a password, browse its content until he finds the dxf2.zip file or the image.png file, and download the file.

But the user should not be allowed to see other user names nor to access their content without a password.

The user1, user2, ... files are created dynamically by my program, which knows the user password at this step.

My idea is the following:
1) put an .htaccess file in each user folder storing the password required to open the folder.
2) make it so that a password is necessary to open any user folder but is not asked again when the allowed user browses the subfolders.
3) make it so that the password is also asked once if the user tries to access some subfolder directly (e.g. using favorites)
4) ask the user for his password just before dynamically writing the webpage with download links, and make the download links work for some time without a password.

Can someone tell me if the idea of an .htaccess file per user folder is pertinent and sufficient, and give me tips for the implementation (useful directives, options that I should look at)?

Probably the most difficult part is allowing the download links to work without asking for the password again. Tips for this would be much appreciated.

As my situation is certainly not new, I would also appreciate it if someone knew of a good "webpaper" about this topic.

Thanks in advance.
On May 2, 10:14 pm, geomet...@fastmail.fm wrote:
> Hi,
>
> I'm new to Apache and testing it offline. The website that I'm
> building lets registered users create files and then download them.
>
> It would be a great help to me if someone could tell me whether I'm
> going the wrong way to secure access to some folders.
>
> The data are stored with a structure like:
>
> /somefolder/archives/user1/tool1/session1/dxf/dxf1.zip
> /somefolder/archives/user1/tool1/session2/dxf/dxf2.zip
> /somefolder/archives/user1/tool1/session2/shp/shp1.zip
> /somefolder/archives/user1/tool1/session3/jpg/jpg1.zip
> /somefolder/archives/user1/tool2/session4/png/image.png
>
> Of course, the real folder names are different.
>
> When files are created, dynamically written download links point
> directly to them. (I'll most probably use some Alias to the
> archives folder.)
>
> I would like the user data to be downloadable only by their owner,
> but the authentication should be asked once and not every time a
> user clicks a download link, as many products can be created
> 'one-shot'.
> Moreover, a user should be allowed to open his folder and browse it to
> find data he created in the past. This is why the main folder name is
> "archives".
> For example, user1 should be able to open his "user1" folder thanks to
> a password, browse its content until he finds the dxf2.zip file or the
> image.png file, and download the file.
>
> But the user should not be allowed to see other user names nor to
> access their content without a password.
>
> The user1, user2, ... files are created dynamically by my program,
> which knows the user password at this step.
>
> My idea is the following:
> 1) put an .htaccess file in each user folder storing the password
> required to open the folder.
> 2) make it so that a password is necessary to open any user folder but
> is not asked again when the allowed user browses the subfolders.
> 3) make it so that the password is also asked once if the user tries
> to access some subfolder directly (e.g. using favorites)
> 4) ask the user for his password just before dynamically writing the
> webpage with download links, and make the download links work
> for some time without a password.
>
> Can someone tell me if the idea of an .htaccess file per user folder
> is pertinent and sufficient, and give me tips for the implementation
> (useful directives, options that I should look at)?
>
> Probably the most difficult part is allowing the download links to
> work without asking for the password again. Tips for this would be
> much appreciated.
>
> As my situation is certainly not new, I would also appreciate it if
> someone knew of a good "webpaper" about this topic.
>
> Thanks in advance.

Rather than mixing basic auth with PHP, I would tend to use HTML_Auth (PEAR class).
This would allow all the security to happen in one layer, easily.
Sorry my answer's so short. I understand what you are trying to do, and think that you're better off using scripting to achieve it.
Have you considered what your users might try to upload, and have you thought of storing all the files well away from the web document root, so that the files cannot be called directly in a browser? This way you remove the possibility for embedding attacks, and the like. Write a "proxy" or "download handler" script and perhaps consider using rewrites to send the value of the file requested to the file_download.php script, so that your users get to use a nice-looking URL but the request is rewritten internally to use the PHP script, which of course doesn't execute the file as it sends it for download.
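
The ownership check that a "download handler" like the one suggested in the reply above has to make before it sends a file, as an added example that is not part of the original thread. It is sketched in Python rather than PHP; `resolve_download`, `DownloadDenied` and the sample tree are names and data made up for the illustration, and `auth_user` is assumed to be the name the server has already authenticated.

```python
import tempfile
from pathlib import Path


class DownloadDenied(Exception):
    """The request must not be served."""


def resolve_download(archives_root, auth_user, requested):
    """auth_user: name the server authenticated (e.g. REMOTE_USER);
    requested: path relative to the archives root, taken from the URL."""
    root = Path(archives_root).resolve()
    user_dir = (root / auth_user).resolve()
    # The authenticated name must be a direct child folder of the root.
    if user_dir.parent != root or not user_dir.is_dir():
        raise DownloadDenied("unknown user")
    # resolve() collapses '..' and follows symlinks before the comparison.
    target = (root / requested).resolve()
    if user_dir not in target.parents:
        raise DownloadDenied("outside the caller's own folder")
    if not target.is_file():
        raise DownloadDenied("not a file")
    return target


def build_sample_tree():
    """Constructed sample data mirroring the layout in the first post."""
    root = Path(tempfile.mkdtemp()) / "archives"
    for rel in ("user1/tool1/session2/dxf/dxf2.zip",
                "user2/tool1/session1/dxf/dxf1.zip"):
        path = root / rel
        path.parent.mkdir(parents=True)
        path.write_bytes(b"constructed sample")
    return root


def check(root, user, requested):
    """Return the served file name, or the reason for refusal."""
    try:
        return resolve_download(root, user, requested).name
    except DownloadDenied as exc:
        return "denied: " + str(exc)


if __name__ == "__main__":
    root = build_sample_tree()
    for req in ("user1/tool1/session2/dxf/dxf2.zip",
                "user1/../user2/tool1/session1/dxf/dxf1.zip"):
        print(req, "->", check(root, "user1", req))
```

Because the comparison is made on the resolved path, the same check also refuses a symlink inside a user's folder that points somewhere else.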
The "archives" folder is out of the "www" (i.e. htdocs) folder and the dynamically written anchors point to the files stored in its subfolders. The idea was to make the archive folder harder to find for hackers. Is this a problem for accessing the files?

I found some interesting "How-to" paper on Apache's website, giving advice for authenticated access. Maybe I should write all folder access rights for all users in the config file. This avoids the server having to browse the folders at all levels to find .htaccess files. Then the server is faster. The counterpart is that all user names and passwords are stored in the config file. So I assume that this file must be especially protected.

I still have to see how to prevent users from uploading files to their folders. They should only be allowed to download their files. Tricks welcome!

You suggested using PHP but this is currently not in my plans.

Thank you.

>
> Rather than mixing basic auth with PHP, I would tend to use HTML_Auth
> (PEAR class).
> This would allow all the security to happen in one layer, easily.
> Sorry my answer's so short. I understand what you are trying to do, and
> think that you're better off using scripting to achieve it.
> Have you considered what your users might try to upload, and have you
> thought of storing all the files well away from the web document root,
> so that the files cannot be called directly in a browser? This way you
> remove the possibility for embedding attacks, and the like. Write a
> "proxy" or "download handler" script and perhaps consider using
> rewrites to send the value of the file requested to the
> file_download.php script, so that your users get to use a nice-looking
> URL but the request is rewritten internally to use the PHP script,
> which of course doesn't execute the file as it sends it for download.