Dziamid
Reputation: 11581
Secure file management with symfony
By default, symfony uploades file to web/upload folder, so they are accessible for anyone. I need to check user credentials on every request to a file. How should I do this?
Upvotes: 1
Views: 1218
Answers (1)
Maerlyn
Reputation: 34107
Move your uploads outside of your webroot, like in /data/uploads. In that case, you'll need to put this in your ProjectConfiguration file:
sfConfig::set('sf_upload_dir' => sfConfig::get("sf_data_dir") . DIRECTORY_SEPARATOR . 'uploads');
Provided that you always used sf_upload_dir to specify the uploads folder, all your files will get saved there.
The second part of the solution needs a new action, that gets a filename, checks if the user has access to it, and returns:
- either a 403 error
- or the file contents via
readfile(), after setting the correct Content-Type and Content-Lenght headers.
Upvotes: 5
Related Questions
- symfony upload file without saving it on the server
- File Upload Symfony
- symfony2 file upload
- Serving file from secure location with Symfony
- Symfony2: How to protect uploaded media?
- Uploading file in Symfony
- Symfony 2 handling file uploads
- Symfony 2.2 upload files
- Most Secure Way to Store Uploaded Files
- Secure a download link in Symfony 2