Hmm, I hoped that this was a safe way to store files (documents) - but it isn't?
Ex. I installed the script in a catalog called 'files'. In this catalog (on the server of course) I made a new dir, called "myfiles"; in this catalog the files I uploaded were stored.
I CHMODed the catalog to '777', so I could upload and see the files. But if I point my browser at "http://www.mydomian.com/files/myfiles", everybody can see my files.
Am I doing anything wrong, or is this how it's meant to be?
Thank you very much for your answer!
You are right, this is not a safe approach. You can make it much more secure in two ways:
1) The catalog where you store your files could be in a location which is not public. For instance, if your home on the server is /home/domain, then usually the public part is in some subdirectory, for instance /home/domain/public-www. So you can create your catalog myfiles in the following location: /home/domain/myfiles, and as a result it won't be available to everybody.
2) Or you can create the following structure:
Myfiles
|- .htaccess (file)
|- public
Myfiles/public is the place where you will store your files, and the .htaccess file is responsible for limiting access to that subdirectory to localhost only.
Content of that file:
---------------------------------------------
# options the .htaccess files in directories can override.
# Edit apache/conf/httpd.conf to AllowOverride in .htaccess
# AllowOverride AuthConfig
# Stop the directory list from being shown
Options -Indexes
# Controls who can get stuff from this server.
Order Deny,Allow
Deny from all
Allow from localhost
-----------------------------------------------
I hope that it will help you and that at least one solution is suitable for you.
BTW, it's a good idea to protect, for instance, the configuration in the same way (.htaccess).
If you have any further questions or something is not clear then please don't hesitate to ask.
--
Cheers,
Marek
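For solution 1 in the reply above, files kept in /home/domain/myfiles can no longer be fetched by URL, so a script has to hand them out. The following is an added example, not part of the reply or of the project's own code; `resolveStoredFile()` and the `f` query parameter are hypothetical names, and the point it shows is the check that a requested name cannot escape the storage directory.

```php
<?php
// Added example, not the project's code: serve files kept outside the web root.
// STORAGE_ROOT is the path from the post; resolveStoredFile() and the "f"
// query parameter are hypothetical names chosen for this sketch.
const STORAGE_ROOT = '/home/domain/myfiles';

/** Map a user-supplied relative name to a file inside $root, or null. */
function resolveStoredFile(string $root, string $requested): ?string
{
    // Reject empty names, NUL bytes and absolute paths outright.
    if ($requested === '' || strpos($requested, "\0") !== false
        || $requested[0] === '/' || $requested[0] === '\\') {
        return null;
    }
    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null; // storage directory is missing
    }
    // realpath() resolves "..", "." and symlinks; false if nothing is there.
    $target = realpath($rootReal . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // The resolved path must still lie under the storage root.
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Web entry point; skipped when the file is run from the command line.
if (PHP_SAPI !== 'cli') {
    // The application's own login / permission check belongs here, before
    // any file is opened.
    $name = $_GET['f'] ?? '';
    $path = is_string($name) ? resolveStoredFile(STORAGE_ROOT, $name) : null;
    if ($path === null) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
    header('Content-Length: ' . filesize($path));
    readfile($path);
}
```

With the files outside the web root, the storage directory only needs to be writable by the account the web server runs as, not world-writable.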
Or if you are on a Windows box and would like to use the same server as your Active Directory home drive:
In browser.php, at about line 83:
// check if it is an absolute path
// assumption: unix type paths e.g. /home/domain/www/sth
if (substr($dir, 0, 1) == "/") {
    $browserRoot = $dir;
}
else {
    // it's a relative path
    if (strlen($dir) > 0 && $dir != ".") {
        // prefix the relative path with the UNC share of the file server
        $browserRoot = "//SERVER/PATH" . $dir;
    } else {
        $browserRoot = BROWSER_BASE;
    }
}
Then, for users, have their home drives as user.root=folder, like in Active Directory.