
Hiding, or obfuscating the url path to files

I'm allowing users to upload .jpg, .pdf, .doc, and .xls files to my webserver under their own account, then they can later click on the filename to view the document in a browser, or in the case of .doc and .xls, they download it via the default browser prompt.

I'm wanting to hide/obfuscate the url path so they don't know the exact path to get to the file, hoping to keep the files secure from other accounts/users.

I'm using php, apache

Here's an example path:

http://dev.site.com/administrator/account_files/1/documents/property_docs/1_68_1295980609myfile.pdf

How could I hide the url to something more like:

http://dev.site.com/1_68_1295980609myfile.pdf

The main purpose is to remove the reference to "administrator/account_files/...."

Is there something with apache's mod_rewrite that I could do? I've read a few other posts where people used php's readfile() and used a different page, but I'm wondering if I'll have some performance problems with doing it this way.

Thanks for your advice.


It might cost you some performance, but it will probably not give any real problems when you use readfile. It's not much overhead. The file must be read anyway, so it's just a little overhead of running the PHP script.

If you do this, you can even choose to store the file in a folder outside your web root, or in a folder that is password protected by .htaccess. Both techniques won't keep readfile from reading the file, so both are good ways to really block the actual file from being read outside.


You should force PHP to download that file:

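<?php
$file = 'path/to/your/file.zip';
header("Cache-Control: public");
header("Content-Description: File Transfer");
// Send only the base name so the server-side directory path is not disclosed
header('Content-Disposition: attachment; filename="' . basename($file) . '"');
header("Content-Type: application/zip"); // change to a specific mime type
header("Content-Transfer-Encoding: binary");
header("Content-Length: " . filesize($file));
readfile($file); // stream the file contents after the headers
exit;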


You'd need to create a table in order to read and store the paths. For example, look at how sites like http://bit.ly work; essentially they assign a unique string to a URL and that's what you're looking to do.

There are a number of PHP scripts that can shorten URLs for you and thus mask the paths, just do a Google search.
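
One way to combine the suggestions in the answers above (readfile(), storage outside the web root, a lookup table of opaque ids) with a per-account ownership check, since a hidden path by itself does not stop another logged-in user who learns the link. This is an added example, not code from any of the posts; the storage path, table contents, token, and session key are assumptions.

```php
<?php
declare(strict_types=1);
// download.php?id=<token> - added example; every name, path and token is hypothetical.

const STORAGE_ROOT = '/var/app_private/account_files'; // assumed: outside the web root

// Constructed stand-in for the database table: opaque token => owner and stored path.
// Tokens would be generated at upload time with bin2hex(random_bytes(16)).
const DOCUMENTS = [
    '3f9c1e0a7b2d4c6e8f10a1b2c3d4e5f6' => [
        'account_id' => 1,
        'path'       => '1/documents/property_docs/1_68_1295980609myfile.pdf',
        'name'       => 'myfile.pdf',
        'mime'       => 'application/pdf',
    ],
];

/** Returns the document row plus its absolute 'file' path if the account may read it, else null. */
function resolveDocument(string $token, int $accountId): ?array
{
    $doc = DOCUMENTS[$token] ?? null;
    // Same result for an unknown token and for another account's file,
    // so the response does not reveal which tokens exist.
    if ($doc === null || $doc['account_id'] !== $accountId) {
        return null;
    }
    $root = realpath(STORAGE_ROOT);
    $real = realpath(STORAGE_ROOT . '/' . $doc['path']);
    // Refuse anything that resolves outside the storage root (e.g. "../" in a stored path).
    if ($root === false || $real === false || !str_starts_with($real, $root . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return ['file' => $real] + $doc;
}

session_start();
$doc = (isset($_SESSION['account_id'], $_GET['id']) && is_string($_GET['id']))
    ? resolveDocument($_GET['id'], (int) $_SESSION['account_id'])
    : null;
if ($doc === null) {
    http_response_code(404);
    exit;
}
header('Content-Type: ' . $doc['mime']);
header('Content-Disposition: attachment; filename="' . str_replace('"', '', $doc['name']) . '"');
header('Content-Length: ' . (string) filesize($doc['file']));
header('X-Content-Type-Options: nosniff'); // keep browsers from guessing another type
readfile($doc['file']);
```

Links on the page then take the form download.php?id=<token>, and the real directory layout never appears in a URL.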
