Securely serving files

Re: Securely serving files

Nicholas Sherlock wrote:[color=blue]
> Hey all,
>
> People on my website register to be allowed access to certain downloads.
> I store these files above the document root so that they can't be
> accessed by Apache (Only from PHP). I wrote a file serving script which
> dumps the correct headers for the download and calls readfile().
>
> I thought everything was going swimmingly until I realized that my
> webhost has Safe Mode turned on, and the script execution time is
> limited to 30 seconds. If your file takes longer than that to download,
> then too bad :).
>
> So how can I do this? The files that I am serving are no larger than
> about 2 megabytes.
>
> It seems that one option would be to make a copy of the file I want to
> serve, but below the document root so that it is available from the
> browser. I'd give the file a randomly generated name that couldn't just
> be guessed, and just write a regular link to the browser. Has anyone
> tried this, and did it work out okay for you? How did you go about
> cleaning up files after the client has downloaded them? Is there a
> better option?
>
> Cheers,
> Nicholas Sherlock[/color]

Why not just include() the file?

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

Re: Securely serving files

Yes actually I've done that before. It works just fine, as for cleaning
the files up afterward you could just use crontab. Assuming your using
Linux. Windows probably has something similar.
Nicholas Sherlock wrote:[color=blue]
> Hey all,
>
> People on my website register to be allowed access to certain downloads.
> I store these files above the document root so that they can't be
> accessed by Apache (Only from PHP). I wrote a file serving script which
> dumps the correct headers for the download and calls readfile().
>
> I thought everything was going swimmingly until I realized that my
> webhost has Safe Mode turned on, and the script execution time is
> limited to 30 seconds. If your file takes longer than that to download,
> then too bad :).
>
> So how can I do this? The files that I am serving are no larger than
> about 2 megabytes.
>
> It seems that one option would be to make a copy of the file I want to
> serve, but below the document root so that it is available from the
> browser. I'd give the file a randomly generated name that couldn't just
> be guessed, and just write a regular link to the browser. Has anyone
> tried this, and did it work out okay for you? How did you go about
> cleaning up files after the client has downloaded them? Is there a
> better option?
>
> Cheers,
> Nicholas Sherlock[/color]

Re: Securely serving files

On 2006-02-11, Jerry Stuckle <jstucklex@attg lobal.net> wrote:
[color=blue]
> Why not just include() the file?[/color]

not reccomended for binary files - they might have <? in them somewhere...



--

Bye.
Jasen

Re: Securely serving files

On 2006-02-11, Nicholas Sherlock <N.sherlock@gma il.com> wrote:
[color=blue]
> Hey all,
>
> People on my website register to be allowed access to certain downloads.
> I store these files above the document root so that they can't be
> accessed by Apache (Only from PHP). I wrote a file serving script which
> dumps the correct headers for the download and calls readfile().
>
> I thought everything was going swimmingly until I realized that my
> webhost has Safe Mode turned on, and the script execution time is
> limited to 30 seconds. If your file takes longer than that to download,
> then too bad :).
>
> So how can I do this? The files that I am serving are no larger than
> about 2 megabytes.
>
> It seems that one option would be to make a copy of the file I want to
> serve, but below the document root so that it is available from the
> browser.[/color]

if it's a *nix server make a link instread of a copy of the file it's much
faster, and uses much less disk space.
[color=blue]
> I'd give the file a randomly generated name that couldn't just
> be guessed, and just write a regular link to the browser. Has anyone
> tried this, and did it work out okay for you? How did you go about
> cleaning up files after the client has downloaded them? Is there a
> better option?[/color]

Store the names and delete any that have been sitting there for more than 30
seconds, or spawn a background script that sleeps for 30 seconds and then
deletes the copy.

With unix the download will continue even after the file is no longer present
windows will ( I think) give an error and not delete the file so you'd have
to find a way to detect that, sleep again, and retry.

Bye.
Jasen

Re: Securely serving files

Jasen Betts wrote:[color=blue]
> On 2006-02-11, Jerry Stuckle <jstucklex@attg lobal.net> wrote:
>
>[color=green]
>>Why not just include() the file?[/color]
>
>
> not reccomended for binary files - they might have <? in them somewhere...
>
>
>[/color]

He didn't say the were binary files.

And even if they were, he'd have exactly the same problem with
readfile() - which he is currently using.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

Re: Securely serving files

Jasen Betts wrote:[color=blue]
> if it's a *nix server make a link instread of a copy of the file it's much
> faster, and uses much less disk space.[/color]

The Symlink() command? Awesome!
[color=blue]
> Store the names and delete any that have been sitting there for more than 30
> seconds, or spawn a background script that sleeps for 30 seconds and then
> deletes the copy.
>
> With unix the download will continue even after the file is no longer present
> windows will ( I think) give an error and not delete the file so you'd have
> to find a way to detect that, sleep again, and retry.[/color]

I'm on Unix. Thanks, this is an excellent solution.

Cheers,
Nicholas Sherlock

Re: Securely serving files

On Sat, 11 Feb 2006 16:56:08 -0500, Jerry Stuckle <jstucklex@attg lobal.net>
wrote:
[color=blue]
>Jasen Betts wrote:[color=green]
>> On 2006-02-11, Jerry Stuckle <jstucklex@attg lobal.net> wrote:
>>[color=darkred]
>>>Why not just include() the file?[/color]
>>
>> not reccomended for binary files - they might have <? in them somewhere...[/color]
>
>He didn't say the were binary files.
>
>And even if they were, he'd have exactly the same problem with
>readfile() - which he is currently using.[/color]

No, readfile() doesn't execute the file as PHP. include() does. They're very
different..

--
Andy Hassall :: andy@andyh.co.u k :: http://www.andyh.co.uk
http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool

Re: Securely serving files

Andy Hassall wrote:[color=blue]
> On Sat, 11 Feb 2006 16:56:08 -0500, Jerry Stuckle <jstucklex@attg lobal.net>
> wrote:
>
>[color=green]
>>Jasen Betts wrote:
>>[color=darkred]
>>>On 2006-02-11, Jerry Stuckle <jstucklex@attg lobal.net> wrote:
>>>
>>>
>>>>Why not just include() the file?
>>>
>>>not reccomended for binary files - they might have <? in them somewhere...[/color]
>>
>>He didn't say the were binary files.
>>
>>And even if they were, he'd have exactly the same problem with
>>readfile() - which he is currently using.[/color]
>
>
> No, readfile() doesn't execute the file as PHP. include() does. They're very
> different..
>[/color]

Please read the original post. He is not outputing a php file. It is
text - and would not be executed.


--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

Re: Securely serving files

On 2006-02-12, Jerry Stuckle <jstucklex@attg lobal.net> wrote:[color=blue]
> Andy Hassall wrote:[color=green]
>> On Sat, 11 Feb 2006 16:56:08 -0500, Jerry Stuckle <jstucklex@attg lobal.net>
>> wrote:
>>
>>[color=darkred]
>>>Jasen Betts wrote:
>>>
>>>>On 2006-02-11, Jerry Stuckle <jstucklex@attg lobal.net> wrote:
>>>>
>>>>
>>>>>Why not just include() the file?
>>>>
>>>>not reccomended for binary files - they might have <? in them somewhere...
>>>
>>>He didn't say the were binary files.
>>>
>>>And even if they were, he'd have exactly the same problem with
>>>readfile() - which he is currently using.[/color]
>>
>>
>> No, readfile() doesn't execute the file as PHP. include() does. They're very
>> different..
>>[/color]
>
> Please read the original post. He is not outputing a php file. It is
> text - and would not be executed.[/color]

php files are (usually) text files...
With include() it would be executed if it contained php tags.
The .php filename extension is only significant to the web server.




--

Bye.
Jasen

Re: Securely serving files

On 2006-02-12, Nicholas Sherlock <N.sherlock@gma il.com> wrote:[color=blue]
> Jasen Betts wrote:[color=green]
>> if it's a *nix server make a link instread of a copy of the file it's much
>> faster, and uses much less disk space.[/color]
>
> The Symlink() command? Awesome![/color]

symlinks depend on the apache configuration.

hard links (the link() function) are indistinguishab le from
real files.

as long as the file you're linking to is on the same partition as the web
site (and is readable by PHP - you already said it was) link() is probably
the best way to go.
[color=blue][color=green]
>> Store the names and delete any that have been sitting there for more than 30
>> seconds, or spawn a background script that sleeps for 30 seconds and then
>> deletes the copy.[/color][/color]

shell_exec (" ( sleep 30 ; rm '$filename' ) &");

but that doesn't work in safe mode... :( someone else may have an
alternative.


Bye.
Jasen

Re: Securely serving files

Jasen Betts wrote:[color=blue]
> On 2006-02-12, Nicholas Sherlock <N.sherlock@gma il.com> wrote:[color=green]
>> The Symlink() command? Awesome![/color]
>
> symlinks depend on the apache configuration.
>
> hard links (the link() function) are indistinguishab le from
> real files.
>
> as long as the file you're linking to is on the same partition as the web
> site (and is readable by PHP - you already said it was) link() is probably
> the best way to go.[/color]

I'm using Symlink() right now with success. What is the difference
between hard links and symlinks? Is there any reason to switch?
[color=blue]
>[color=green][color=darkred]
>>> Store the names and delete any that have been sitting there for more than 30
>>> seconds, or spawn a background script that sleeps for 30 seconds and then
>>> deletes the copy.[/color][/color]
>
> shell_exec (" ( sleep 30 ; rm '$filename' ) &");
>
> but that doesn't work in safe mode... :( someone else may have an
> alternative.[/color]

Since it isn't that critical when the link expires, I just delete all
previous links every time I create a link. Hopefully there won't be any
concurrency issues there.

In safe mode, the folders that you create with mkdir get Apache's ID,
not the ID of the script, and are therefore not accessible from PHP
scripts. The solution was to use the ftp_* functions of PHP to create a
folder, which then has the correct ID for access.

Cheers,
Nicholas Sherlock

Cheers,
Nicholas Sherlock

Re: Securely serving files

Alternatively, you can use chmod() to change the file attributes to
allow reading/writing of the file. Might be faster than the ftp
functions.

Hard links point to the data (ie: they're just a normal file). When
all the hard links to the data are gone, then the data is deleted.
They also cannot cross volumes.

Symlinks point to a file (which points to the data). The effect being,
if you delete the symlink, the original file is still there. They can
cross volumes as they just have a file path they point to.

Apache can be setup to follow, not follow, and change the owner id of
symlinks. Since you said symlinks are apparently working, I don't
think it matters which you choose in this case.

Re: Securely serving files

Richard Levasseur wrote:[color=blue]
> Alternatively, you can use chmod() to change the file attributes to
> allow reading/writing of the file. Might be faster than the ftp
> functions.[/color]

AFAICS, chmod() isn't the problem. The problem is that when using
Mkdir() the owner of the created folder isn't the same as the owner of
the script, and PHP's safe mode therefore doesn't allow you to access
the created folder (You can't even call Chmod() on it). Creating it
through FTP solves this problem.
[color=blue]
> Apache can be setup to follow, not follow, and change the owner id of
> symlinks. Since you said symlinks are apparently working, I don't
> think it matters which you choose in this case.[/color]

Thanks.

Cheers,
Nicholas Sherlock

Re: Securely serving files

Jasen Betts wrote:[color=blue]
> On 2006-02-12, Jerry Stuckle <jstucklex@attg lobal.net> wrote:
>[color=green]
>>Andy Hassall wrote:
>>[color=darkred]
>>>On Sat, 11 Feb 2006 16:56:08 -0500, Jerry Stuckle <jstucklex@attg lobal.net>
>>>wrote:
>>>
>>>
>>>
>>>>Jasen Betts wrote:
>>>>
>>>>
>>>>>On 2006-02-11, Jerry Stuckle <jstucklex@attg lobal.net> wrote:
>>>>>
>>>>>
>>>>>
>>>>>>Why not just include() the file?
>>>>>
>>>>>not reccomended for binary files - they might have <? in them somewhere...
>>>>
>>>>He didn't say the were binary files.
>>>>
>>>>And even if they were, he'd have exactly the same problem with
>>>>readfile( ) - which he is currently using.
>>>
>>>
>>> No, readfile() doesn't execute the file as PHP. include() does. They're very
>>>different. .
>>>[/color]
>>
>>Please read the original post. He is not outputing a php file. It is
>>text - and would not be executed.[/color]
>
>
> php files are (usually) text files...
> With include() it would be executed if it contained php tags.
> The .php filename extension is only significant to the web server.
>
>
>
>[/color]

That's true. But this is NOT php code. This is plain text.

Get me a newspaper and show me where articles have tags such as <?php in
them. Or any other plain text file not about PHP.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===