Is it dangerous to put pdf files with cryptographically-generated-128-character file names in a public web folder?
I have a site that allows the user to request a secret report in a pdf format.
My idea is to put the generated pdf files in a public folder with disabled directory browsing.
Each file name consists of 128 characters that are uniquely and cryptographically generated.
The legitimate user will be given the link of his/her own report.
Is it dangerous to put pdf files with cryptographically-generated-128-character file names in a public web folder?
Well, it does qualify as security-through-obscurity, so it's frowned upon. Think about the following scenarios:
- What happens when someone else gets a hold of the link? By snooping the connection, reading e-mails, hacking a computer which contains a bookmark/download history/cache. Since the link is always there, your document is now public.
- If at any time in the future, a minor part of your server is compromised and the directory is indexed, even for a second, all files are public. This can be one badly-written script, one injection, one XSS-vulnerability, one currently unknown zero-day. You are exposing your documents to the weakest link.
You should probably not do this. Instead, keep the documents at a secure location, out of the document-root. Then when an authenticated user asks for the document over a secure (HTTPS) connection, serve the document using a script that reads the document and writes it over the connection. No temporary files in the documentroot!
Why not simply enable download from your script?
download.php?file=128_char_filename.pdf
Where download.php checks the user's permission for that file. That way you would not have "secure" pdf files in a public folder.
Forcing a file download with ASP.NET: http://www.haiders.net/post/Force-File-Download-with-ASPNET.aspx
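An added example, not part of either answer above and not code from the original page: a sketch of the download script both answers describe, with the reports stored outside the document root and released only after an ownership check. It is written in Python for illustration; `open_report`, `serve`, the `owners` mapping and `storage_dir` are hypothetical names, and `user_id` is assumed to come from an already-authenticated HTTPS session.

```python
import secrets
from pathlib import Path

HEX = set("0123456789abcdef")


class AccessDenied(Exception):
    """The requester may not read the requested report."""


def new_report_id() -> str:
    # 64 random bytes -> 128 hex characters, the name length from the question.
    return secrets.token_hex(64)


def open_report(storage_dir: Path, owners: dict, user_id, report_id: str) -> bytes:
    """Return the PDF bytes only if user_id owns report_id."""
    # Accept only the exact ID shape we generate; this rejects "../" and friends.
    if len(report_id) != 128 or not set(report_id) <= HEX:
        raise AccessDenied("malformed report id")
    # The random name is not the access control: the ownership record is.
    if user_id is None or owners.get(report_id) != user_id:
        raise AccessDenied("not authorised")
    root = storage_dir.resolve()
    path = (root / f"{report_id}.pdf").resolve()
    # Defence in depth: a symlink must not lead outside the storage directory.
    if root not in path.parents:
        raise AccessDenied("path escapes storage directory")
    return path.read_bytes()


def serve(storage_dir: Path, owners: dict, user_id, report_id: str):
    """Return (status, headers, body) for the web layer to send."""
    try:
        body = open_report(storage_dir, owners, user_id, report_id)
    except (AccessDenied, FileNotFoundError):
        # One answer for "unknown" and "not yours", so IDs cannot be probed.
        return 404, {}, b""
    headers = {
        "Content-Type": "application/pdf",
        "Content-Disposition": 'attachment; filename="report.pdf"',
        # Keep the report out of browser and proxy caches.
        "Cache-Control": "no-store",
    }
    return 200, headers, body
```

With this layout a leaked or bookmarked link is useless without the owner's session, and a directory listing of the web root exposes nothing because no report ever lives there.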