I have a typical MVC based website, and I’d like to give some registered users the ability to extract data from the database (in a variety of formats). The workflow is very simple:
- User logs in,
- User clicks export,
- A file is generated,
- User downloads the file.
I’m trying to figure out a way to secure the last step and limit access to the file. In order for the user to be able to download the file, it should be in a publicly accessible folder. That, however, means that the file is accessible to everyone else who has access to its full URL.
I thought of a few possible solutions:
- Email the export file
  Instead of having the user download the file, I could simply email it to their email address (the one they used to register on the site). This seems like a decent option when the export files are small, but I don’t think it’ll be optimal for larger files.
- .htaccess magic
  I could automagically generate an .htaccess in the export dir that would only let the user who requested the export access it. Also a decent option, but it’s webserver specific and IP based. I don’t know if Apache will always be the webserver of choice for the project, and I’m not sure an IP based solution is actually secure.
- Store the export file in a private folder and have the user fetch it through FTP
  Secure, but not particularly user friendly.
All my options seem to have problems, and I’m at that point where I’m completely stuck and can’t shake the feeling I’m missing something obvious. Am I? Is there a better workflow?
I’m more interested in a high level overview than technical details; the project is still in its early days and technical requirements haven’t yet stabilized (e.g. we may not use Apache after all). The project is built in PHP, but I don’t think that matters (does it?).
Thanks.
You could serve the file via your PHP script, which checks if the user is authenticated.
E.g. pseudocode (shown here as PHP; fileBelongsToUser and fetchfile are placeholders for the app’s own ownership check and file streaming):
    <?php
    session_start();
    if (!empty($_SESSION['user'])) {                            // session.user is loggedIn
        $filename = basename($_GET['filename'] ?? '');           // filename = url.filename, directory part stripped
        if (fileBelongsToUser($filename, $_SESSION['user'])) {   // filename belongs to session.user
            fetchfile($filename);                                // stream the file to the client
        } else {
            echo "you are not authorized to download this file";
        }
    } else {
        echo "please log in";
    }
so only the user who requested the export is able to download it. If another user gets the URL, he cannot download anything.
Don’t generate a file prior to authorizing the request. This might be an expensive operation. First make sure that the user has the necessary permissions and then generate files accordingly.
Since you are generating files on the fly, why store them? Can you not just serve the files through the response object and forget about them?
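Putting the three answers together (authenticate first, check ownership before touching the file, and keep the file out of any public folder), as an added example that is not code from any of the posters. It assumes a `user_id` stored in the session at login, an `exports` table mapping an opaque export id to its owner and stored filename, and a hypothetical EXPORT_DIR outside the web root.

```php
<?php
// Added example, not code from the answers above: the download endpoint checks the
// session, looks the export up by an opaque id, confirms the requester owns it, and
// streams it from a directory the web server never exposes directly.
session_start();

// Assumptions: $_SESSION['user_id'] is set at login, an `exports` table maps
// export ids to (user_id, filename), and EXPORT_DIR lies outside the web root.
const EXPORT_DIR = '/var/app/private/exports'; // hypothetical path
function currentUserId(): ?int
{
    return isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : null;
}

/** Return the owner id and stored filename for an export, or null if unknown. */
function lookupExport(PDO $db, string $exportId): ?array
{
    $stmt = $db->prepare('SELECT user_id, filename FROM exports WHERE id = ?');
    $stmt->execute([$exportId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function sendExport(PDO $db, string $exportId): void
{
    $userId = currentUserId();
    if ($userId === null) {
        http_response_code(401);
        exit('please log in');
    }
    $export = lookupExport($db, $exportId);
    // Same answer for "not yours" and "does not exist", so ids cannot be enumerated.
    if ($export === null || (int) $export['user_id'] !== $userId) {
        http_response_code(403);
        exit('you are not authorized to download this file');
    }
    // basename() drops any directory component, so the path stays inside EXPORT_DIR.
    $name = basename($export['filename']);
    $path = EXPORT_DIR . '/' . $name;
    if (!is_file($path)) {
        http_response_code(404);
        exit('export no longer available');
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('Content-Length: ' . filesize($path));
    header('Cache-Control: private, no-store'); // keep shared caches from keeping a copy
    readfile($path); // to skip storage entirely, write the generator's output here instead
}
sendExport(new PDO('sqlite:/var/app/private/app.db'), $_GET['id'] ?? ''); // hypothetical DSN
```

Because the file lives outside the document root, the only way to reach it is through this script, so knowing the URL alone gives another user nothing.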