Naruto

Reputation: 1810

Encrypting URLs in PHP

I have uploaded some files on a server. The link provided to me is pretty simple, i.e. no signs/symbols etc. If I provide the same link to the user for downloading the data, it might result in hacking of my server or loss of data. Now my question is how to encrypt this kind

  www.hello.com/myApp/myFile.mp3

of URL and provide the encrypted URL to the user, which the browser can understand.

Regards

Upvotes: 0

Views: 3368

Answers (2)

Jonathan

Reputation: 5884

Correct me if I misunderstand, but are you trying to prevent someone from downloading the file unless you tell them it's ok to download it?

Then the threat is that someone may find the file linked on a search engine or be able to guess it.

There are a few ways to make that threat less likely.

  1. Make the URL very long and unguessable. Simply renaming the file to some random value could work. From the command line (Linux):

    echo http://example.com/file.mpe $(date) | md5sum
    d8a5e8d341135379b8ad38f1d06970be

    Or even easier, choose a random password from http://tooln.net/pw/ and rename the file to one of the passwords without symbols. Either is difficult to guess.

  2. If you know the person, you could easily share a password and set a password on the directory. You can turn on passwords per directory through Apache.

  3. Turn off indexing of the site through robots.txt.

Upvotes: 1

Mike

Reputation: 24413

A URL can be encrypted, but if a browser can understand it, decrypting it would be a trivial process for a hacker. I'm assuming what you want to do is to prevent too many people from accessing your URL. To do this, you will have to have either some sort of user login system or an IP-based limitation. Both of these would have to be backed by a database.

Instead of linking directly to the file, you would link to something like download.php?fileid=$some_file_id and in your database, you just insert the user ID (or IP address) and file ID every time the file is downloaded. Then to display the file back to the user, you would check how many downloads of that file have been made by the user and if it is less than your threshold, e.g.:

  SELECT COUNT(*) FROM downloads WHERE user = :user AND file_id = :id

Then get PHP to echo the contents of the file to the browser.

Add other clauses such as limiting it to X downloads in the past 24 hours, etc. or however you would like to work it.

Other things you could do would be storing the files outside the document root (or protecting direct access with .htaccess or similar), and including a hash of the file name in the link, so someone couldn't just do download.php?fileid=1 and guess the next one is download.php?fileid=2.

Upvotes: 0
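
Added example, not part of either answer: a download.php that combines the suggestions above to keep files outside the document root and put a hash in the link. It goes one step further by making the hash a keyed HMAC over the file ID and an expiry time, so a link cannot be altered or reused after it expires. SECRET_KEY, STORAGE_DIR, the $files map and the expires/token parameters are assumptions for illustration; the per-user download count check would still run before the file is sent.

```php
<?php
declare(strict_types=1);
// Added example, not code from the answers. SECRET_KEY, STORAGE_DIR, $files and
// the expires/token parameters are assumptions made for illustration.
const SECRET_KEY  = 'placeholder-load-a-long-random-key-from-config';
const STORAGE_DIR = '/srv/private-files'; // outside the document root
$files = [17 => 'myFile.mp3'];            // constructed sample: id => stored name

function sign(int $fileId, int $expires): string
{
    // Keyed hash: a valid token cannot be computed without SECRET_KEY.
    return hash_hmac('sha256', $fileId . '|' . $expires, SECRET_KEY);
}

function make_link(int $fileId, int $ttlSeconds): string
{
    $expires = time() + $ttlSeconds;
    return 'download.php?' . http_build_query([
        'fileid' => $fileId, 'expires' => $expires, 'token' => sign($fileId, $expires),
    ]);
}

// Returns the file id when the query is authentic and unexpired, else null.
function verify(array $query): ?int
{
    $id      = filter_var($query['fileid'] ?? null, FILTER_VALIDATE_INT);
    $expires = filter_var($query['expires'] ?? null, FILTER_VALIDATE_INT);
    $token   = $query['token'] ?? '';
    if ($id === false || $expires === false || !is_string($token) || $expires < time()) {
        return null; // malformed or expired
    }
    // hash_equals compares in constant time.
    return hash_equals(sign($id, $expires), $token) ? $id : null;
}

if (PHP_SAPI === 'cli') {
    // Offline demo: an untampered link, then the same link with fileid changed.
    parse_str((string) parse_url(make_link(17, 300), PHP_URL_QUERY), $q);
    var_dump(verify($q));
    $q['fileid'] = '18';
    var_dump(verify($q));
    exit;
}
$id = verify($_GET);
if ($id === null || !isset($files[$id])) {
    http_response_code(403);
    exit;
}
$path = STORAGE_DIR . '/' . $files[$id];
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
readfile($path);
```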
