The safest way to store downloaded files

Question

The safest way to store downloaded files

I save the downloaded files in a web directory:

//src/Acme/CocoBundle/Entity/CocoFromTheNorth.php
/**
 * @ORM\Column(type="string", length=255, nullable=true)
 */
public $path;

protected function getUploadRootDir()
{
    return __DIR__.'/../../../../web/'.$this->getUploadDir();
}

protected function getUploadDir()
{

    return 'uploads/documents';
}

Is this a good practice? Wouldn't it be better to save the downloaded files outside the web directory so that users cannot directly access them?

Do I think the best way is to save the downloaded files outside the root of the website? Where would it be better? Or how can I configure the web server to deny access to the uploads directory?

+5

symfony

Mick Jun 11 '12 at 6:48

source share

1 answer

Ja͢ck · Accepted Answer · 2012-06-11T06:59:53+0000

He prefers to save the downloaded files outside the web directory and use it X-SendFileto maintain these files after you set the permissions using PHP.

I have outlined something similar here: How to safely store files on a server

: HTTP- PHP

The safest way to store downloaded files

More articles: