
I am trying to create a folder structure like so:

  • Uploaded files
    • a
      • aaron.doe@hotmail.com
    • b
    • c
    • ...all the way to z

one level ABOVE the public web directory. The only unique key (besides the user_id itself) is the user email, since their email is their username, so...

Question: Would people be able to access these directories and get hold of all users' email addresses? How bad of an idea is this? What possible alternatives do you suggest?

Thanks.

Smamatti
user482520
  • Why don't you store those emails in a database? – RageZ Dec 22 '11 at 22:41
  • I think he wants to use the email address as the folder name. – jprofitt Dec 22 '11 at 22:43
  • You can do it like that- you just might want to set some Apache Access rules to restrict access to that particular directory. RageZ - I don't think uploaded files should go in the database. Maybe if you implemented a look-up table that could work. – Kevin Dec 22 '11 at 22:44
  • The email addresses are being stored in the db. What I will have is a system that will involve uploading and downloading client files, and I need a way to somehow keep track of their files without searching ALL files available. – user482520 Dec 22 '11 at 22:44
  • @jprofitt Yes, and _RageZ_ explained a possible alternative which was requested :-) – Smamatti Dec 22 '11 at 22:44
  • To clarify - by "above" you mean inside the web root, or outside? – Pekka Dec 22 '11 at 22:50

4 Answers


Definitely make sure you use hashes instead of plain-text E-Mail addresses. That is a must.

Other than that, I guess this is as safe (and unsafe) as a solution can be that is based on security through obscurity (i.e. your security relies solely on the fact that nobody knows the URLs - but if they do, they can access them without limitation.) There are many potential holes - a user could bookmark a URL; it could be embedded somewhere on a page; it can be stored in server, browser, and proxy logs...

Pekka
  • Suppose I implemented Apache Access rules as Kevin suggested above. Even if people found out the URL of those folders (which would be email addresses), would they be able to access them, since they would be located in a folder above the web directory? How easy would it be for somebody to iterate through these folders and extract all email addresses? Would they have access to do this? – user482520 Dec 22 '11 at 22:53
  • @user if the directory is *outside* the web root, no outside user will have access to the directory. That includes, however, the users of your web site. Is that what you want? – Pekka Dec 22 '11 at 22:54
  • So if I provided a link to the user's files, so they could be downloaded, at user login, they would not be accessible to the user? – user482520 Dec 22 '11 at 22:56
  • @user if you place them outside the web root: No, they wouldn't be accessible. If you want them accessible by the user, you have to either put them inside the web root (where the problems described above apply), or create a PHP script that fetches the file for the user. If you combine such a script with a log-in check, you have a secure solution - that is the most common approach. – Pekka Dec 22 '11 at 23:11

Take a look at the PHP dir function: http://php.net/manual/en/class.dir.php

If you want the folders to be publicly accessible to your users via the web, why put the folders above the web root?

Also, you may consider using some sort of hash for the folder names, 1) because nobody wants their email addresses publicly revealed, and 2) revealing internal user_ids could lead to exploits.

Thor

As Pekka just replied, it might be a good idea to hash the email addresses since there's a big chance that the links might be posted to a forum or similar, and the post might then get crawled by an email address crawler. I think that just a simple hash (e.g. md5) of the address would (almost) solve this.

See this thread on how to prevent directory listing, and what to do if the Apache way doesn't work.

Magnus
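Kevin's comment mentions Apache access rules and the answer above mentions preventing directory listing. The fragment below is an added example (not from the original answers, paths assumed) showing both for the case where the upload folder ends up inside the web root after all: Apache will neither list the folder nor serve its files directly, so the only route to a file is a login-checked script.

```apache
# Added example, not from the original answers. The path is assumed.
# Only needed if the uploads folder sits inside DocumentRoot; a folder
# outside the web root is never mapped to a URL, so no rule is required.
<Directory "/var/www/html/uploads">
    # No auto-generated directory index, even if a request reaches the folder.
    Options -Indexes
    # Refuse every direct request (Apache 2.4 syntax).
    # On Apache 2.2 use instead:  Order deny,allow  /  Deny from all
    Require all denied
</Directory>
```

With `Require all denied` in place, links to the files must point at a PHP download script rather than at the files themselves; the directives keep the folder unreachable even if a URL containing a folder name leaks through a bookmark, page or log.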

Hash the e-mails to use as folder names and put them above the web root.

You can use simple authentication to give access to these files and a PHP file to read them and send them to the browser.

Ricardo Souza
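Pekka's last comment and the answer above describe the same design: uploads live outside the web root, folder names are hashes of the e-mail, and a PHP script checks the login and sends the file. The script below is an added example written for this page, not code from any of the answers. It assumes (hypothetically) an `UPLOAD_ROOT` directory outside DocumentRoot, a server-side secret in the `FOLDER_HMAC_KEY` environment variable, and that your login code stores the user's e-mail in `$_SESSION['email']`.

```php
<?php
// Added example, not code from the original answers: a download.php that
// serves a logged-in user's files from a directory outside the web root.
// Assumed (hypothetical): UPLOAD_ROOT, the FOLDER_HMAC_KEY environment
// variable, and $_SESSION['email'] populated by your own login handling.
declare(strict_types=1);

const UPLOAD_ROOT = '/var/www/uploads';   // assumed path, outside DocumentRoot

// Folder name for a user. A keyed hash (HMAC) is used instead of a bare md5 so
// that someone who sees a folder name cannot recover the address by hashing a
// list of known e-mails; the key never leaves the server.
function userFolder(string $email, string $secret): string
{
    return hash_hmac('sha256', strtolower(trim($email)), $secret);
}

// Create the user's folder on first upload, readable by the web server user only.
function ensureUserFolder(string $root, string $folder): string
{
    $dir = $root . DIRECTORY_SEPARATOR . $folder;
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        throw new RuntimeException('cannot create upload folder');
    }
    return $dir;
}

// Resolve a requested file name inside the user's folder, or return null.
// Rejects anything that is not a bare file name, and anything that resolves
// (through "..", an absolute path or a symlink) to a place outside that folder.
function resolveUserFile(string $root, string $folder, string $name): ?string
{
    if ($name === '' || $name !== basename($name) || strpos($name, "\0") !== false) {
        return null;
    }
    $dir = realpath($root . DIRECTORY_SEPARATOR . $folder);
    if ($dir === false) {
        return null;
    }
    $path = realpath($dir . DIRECTORY_SEPARATOR . $name);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // realpath() has followed symlinks, so this check also catches links out of the folder.
    if (strncmp($path, $dir . DIRECTORY_SEPARATOR, strlen($dir) + 1) !== 0) {
        return null;
    }
    return $path;
}

// ---- request handling for download.php?file=<name> ----
session_start();
if (empty($_SESSION['email'])) {
    http_response_code(403);
    exit('Login required');
}
$secret = getenv('FOLDER_HMAC_KEY');
if ($secret === false || $secret === '') {
    http_response_code(500);
    exit('FOLDER_HMAC_KEY is not configured');
}

$requested = $_GET['file'] ?? '';
$path = is_string($requested)
    ? resolveUserFile(UPLOAD_ROOT, userFolder($_SESSION['email'], $secret), $requested)
    : null;
if ($path === null) {
    http_response_code(404);   // same answer for "no such file" and "not your file"
    exit('Not found');
}

// Stream the file as a download. The name in the header is reduced to a safe
// character set so a stored file name cannot inject extra header content.
$safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($path));
header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header('Content-Length: ' . filesize($path));
header('Content-Disposition: attachment; filename="' . $safeName . '"');
readfile($path);
```

The upload side calls `ensureUserFolder(UPLOAD_ROOT, userFolder($email, $secret))` and moves the uploaded file into the returned directory. Because the folder name is derived from the session's e-mail rather than from a request parameter, a user can only ever reach their own folder; the `realpath` comparison is what keeps a `file=` value such as `../other/...` from escaping it.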