Reputation: 1015
I would like to allow users to download images from a URL (same as you can see on imgur.com). I know how to do it with copy() or curl() or file_get_contents, but is that 100% secure?
What is the most secure way to do it?
Thanks
Upvotes: 0
Views: 847
Reputation: 120506
Is that 100% secure?
No. Nothing is.
If you're trying to prevent eavesdropping, where an attacker can figure out what a user is downloading, then using https for everything on the download page should be sufficient for almost anything web related.
Even with https, an attacker might be able to tell. If there's one particularly large file, simple traffic analysis (looking at how much is downloaded) will tell you when it's downloaded.
If you allow uploading of SVG images, then, since they can contain and run scripts, they can phone home when downloaded and displayed.
You might also want to check out Tor, which provides better browser-based anonymity. It's plugin-based, but if you can suggest that your users use it, it can provide an additional layer of protection -- even if an eavesdropper can tell what is being downloaded it will be much harder to tell who is downloading it.
Upvotes: 2
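
A server-side check tied to the https and SVG points in the answer above, as an added example that is not part of the original posts: it accepts a remote image only from an https URL and only when the downloaded bytes start with a PNG, JPEG or GIF signature, so SVG is refused whatever extension it carries. The function names, the 5 MiB cap and the allow-list are assumptions.

```php
<?php
// Added example: names, the size cap and the allow-list are assumptions.
const MAX_BYTES = 5 * 1024 * 1024;      // assumed upper bound per image
const RASTER_MAGIC = [                   // leading bytes of the accepted formats
    'image/png'  => "\x89PNG\r\n\x1a\n",
    'image/jpeg' => "\xFF\xD8\xFF",
    'image/gif'  => "GIF8",
];

/** True only for absolute https:// URLs that name a host. */
function is_https_url(string $url): bool
{
    $parts = parse_url($url);
    return is_array($parts)
        && strtolower($parts['scheme'] ?? '') === 'https'
        && ($parts['host'] ?? '') !== '';
}

/** MIME type of an accepted raster image, or null when the data is refused. */
function accepted_image_type(string $bytes): ?string
{
    if ($bytes === '' || strlen($bytes) > MAX_BYTES) {
        return null;
    }
    foreach (RASTER_MAGIC as $mime => $magic) {
        if (strncmp($bytes, $magic, strlen($magic)) === 0) {
            return $mime;
        }
    }
    return null; // SVG is XML text, so it never matches a raster signature
}

// Constructed sample inputs standing in for downloaded bodies.
$samples = [
    'png'              => "\x89PNG\r\n\x1a\n" . str_repeat("\0", 16),
    'gif'              => "GIF89a" . str_repeat("\0", 16),
    'svg'              => '<svg xmlns="http://www.w3.org/2000/svg"><script>1</script></svg>',
    'svg renamed .png' => "<!-- logo.png -->\n<svg xmlns=\"http://www.w3.org/2000/svg\"/>",
    'empty body'       => '',
];
foreach ($samples as $label => $bytes) {
    printf("%-18s %s\n", $label, accepted_image_type($bytes) ?? 'rejected');
}

// Constructed URLs: only the first passes the scheme check.
foreach (['https://example.com/a.png', 'http://example.com/a.png', 'file:///etc/hosts'] as $url) {
    printf("%-28s %s\n", $url, is_https_url($url) ? 'fetch' : 'refuse');
}
```

The signature check looks only at the first bytes; store the file under the detected type rather than the extension or Content-Type the remote server supplied.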