How to let a user securely access files on the server
I'm working on a web app that allows scientists to submit to a high performance computing cluster 开发者_开发技巧through a web interface. The users fill in some data about their experiment, upload some files and the web app takes care of the rest.
At the end of the computation the users need to be able to access their resultant files. They are around 1 GIG in size.
I want to allow the users to browse these files but I don't know how to do it securely. Users should not be able to browse files that are not theirs. The files are already stored in a directory outside of webroot and owned by the Apache user.
I'm working in PHP, any advice on how to implement something like this?
My first reaction is, don't do it-go and get help. Security is not a job for the ill-prepared, no matter how well meaning. You need a consultant expert to advise and implement this portion, and then provide you with an authentication framework and API to the data.
Remember the recent global warming email scandal-scientific data may be sensitive.
I might suggest storing the files in distinct directories (by permission) and then opening up an FTP server with SSL for browsing/downloading the results.
精彩评论