开发者

Is it dangerous to put pdf files with cryptographically-generated-128-character file names in a public web folder?

I have a site that allow the user to request a secret report in a pdf format.

My idea is to put the generated pdf files in a public folder with disabled directory browsing.

Each file name consists of 128 characters that are uniquely and crypto开发者_开发技巧graphically generated.

The legitimate user will be given the link of his/her own report.

Is it dangerous to put pdf files with cryptographically-generated-128-character file names in a public web folder?


Well it does qualify as security-through-obscurity, so it's frowned upon. Think about following scenario's:

  • What happens when someone else gets a hold of the link? By snooping the connection, reading e-mails, hacking a computer which contains a bookmark/download history/cache. Since the link is always there, your document is now public.
  • If at any time in the future, a minor part of your server is compromised and the directory is indexed, even for a second, all files are public. This can be one badly-written script, one injection, one XSS-vulnerability, one currently unknown zero-day. You are exposing your documents to the weakest link.

You should probably not do this. Instead, keep the documents at a secure location, out of the document-root. Then when an authenticated user asks for the document over a secure (HTTPS) connection, serve the document using a script that reads the document and writes it over the connection. No temporary files in the documentroot!


Why not simply enable download from your script?

download.php?file=128_char_filename.pdf

Where download.php checks the users permission for that file. That way you would not have "secure" pdf files in a public folder.

Forcing a file download with ASP.NET: http://www.haiders.net/post/Force-File-Download-with-ASPNET.aspx

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜