I’m looking for some guidance and opinions about security.
I’m developing a web site with PHP/MySQL that contains a password-protected client section. Clients log in with a user name and password. After login, they are directed to a dynamically-created page that lists their projects. When they click on their project, they are directed to a dynamically-created page that lists the documents associated with that project. The documents are hyperlinks to the actual documents which they can view or download.
Thanks to many of you I have all of that working as needed. (Thank you, thank you, thank you!!!)
But I keep thinking about security. I’ve tried to, and I hope that I’ve covered all possible bases, but I’m not sure.
The folder structure on the hosting server is such that there is nothing above the root folder, unlike others where the web site is in the public_html folder and there are places to “hide” things such as uploaded files and mysql_connect.
The way the site is set up, under the root folder is an admin folder with an uploads folder directly under it. This is the final resting place for documents uploaded by the web site owner (not the clients or casual site users). The admin folder also contains all the scripts for the web site owner to add a client, add a project, add a document (including upload), or view current data. In order to access these other admin files, you log in and sessions are used to verify your access. However, I’m not sure how to keep unwanted users away from the documents that were uploaded. I can password protect the directory, but that does two undesirable things: adds another login screen for the authorized users and, worse yet, makes the uploads unavailable to the clients on their page.
I’ve added an index.php page that redirects users to a 404 error page for those who might try to access a directory listing of documents in the folder. After that, I’m stumped about what to do. I know that sometimes you need to make concessions; that your web site isn’t either secure or not secure, but rather more secure or less secure. I just want to make sure I’m coming down on the side of more secure rather than less secure!
My mysql_connect.php is a php file, so I guess that’s as secure as it can be while within the root directory tree.
I would really appreciate your thoughts on any way to better secure the uploads directory.
Thanks in advance for your help.
Cheers!
The site is hosted with a hosting service that runs PHP 4.3.11 and MySQL 4.1.14.
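One way to close the gap described above, as an added example that is not the original poster's code: block direct HTTP access to admin/uploads entirely (an index.php that redirects to a 404 only hides the listing; a direct URL to a file whose name is known or guessed still serves it), and hand the files out through a single PHP gatekeeper that checks the login session and then checks in the database that the requested document belongs to one of the logged-in client's projects. The client page links to `download.php?id=123` instead of to the file itself. Everything below is assumed for illustration: the table layout (`projects(id, client_id)` and `documents(id, project_id, stored_name, original_name)`), the session key `$_SESSION['client_id']` set at login, a `download.php` placed in the web root next to `admin/`, and PDO for database access (PHP 5.1 and later; on a PHP 4.3 host the same query would be built with `mysql_query()` and `mysql_real_escape_string()` since prepared statements are not available there).

```php
<?php
// download.php - added example, not the original poster's code.
// Assumed layout: this file sits in the web root; documents live in
// admin/uploads; projects(id, client_id) and
// documents(id, project_id, stored_name, original_name) are the tables;
// login stores the client's id in $_SESSION['client_id'].
session_start();

// 1. Authentication: no session, no file.
if (empty($_SESSION['client_id'])) {
    header('HTTP/1.1 403 Forbidden');
    exit('Not logged in');
}

// 2. Input validation: accept only a numeric document id, never a file name
//    or path from the browser.
$docId = isset($_GET['id']) ? (string) $_GET['id'] : '';
if ($docId === '' || !ctype_digit($docId)) {
    header('HTTP/1.1 400 Bad Request');
    exit('Bad request');
}

// 3. Authorization: the document must belong to a project owned by this
//    client. Connection details are placeholders.
$pdo = new PDO('mysql:host=localhost;dbname=site', 'dbuser', 'dbpass',
    array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
$stmt = $pdo->prepare(
    'SELECT d.stored_name, d.original_name
       FROM documents d
       JOIN projects p ON p.id = d.project_id
      WHERE d.id = :doc AND p.client_id = :client');
$stmt->execute(array(
    ':doc'    => (int) $docId,
    ':client' => (int) $_SESSION['client_id'],
));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$row) {
    // Same answer for "no such document" and "not your document", so the
    // script cannot be used to enumerate other clients' document ids.
    header('HTTP/1.1 404 Not Found');
    exit('Not found');
}

// 4. Build the path from database data only, then confirm the resolved
//    path really is inside admin/uploads (guards against a stray "../" in
//    stored_name, e.g. from a bug in the admin upload script).
$uploadDir = realpath(dirname(__FILE__) . '/admin/uploads');
$path = realpath($uploadDir . '/' . basename($row['stored_name']));
if ($uploadDir === false || $path === false
    || strpos($path, $uploadDir . DIRECTORY_SEPARATOR) !== 0
    || !is_file($path)) {
    header('HTTP/1.1 404 Not Found');
    exit('Not found');
}

// 5. Serve as a download with a fixed binary content type and a sanitized
//    file name, so an uploaded HTML or JavaScript document is never rendered
//    in the client's browser under this site's origin.
$downloadName = preg_replace('/[^A-Za-z0-9._-]/', '_', $row['original_name']);
header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="' . $downloadName . '"');
header('Content-Length: ' . filesize($path));
readfile($path);
exit;
```

For the gatekeeper to mean anything, the web server must refuse to serve admin/uploads directly. On an Apache host that honours `.htaccess` (an assumption about the hosting service), a file admin/uploads/.htaccess containing `Order deny,allow` and `Deny from all` (Apache 2.2 syntax; Apache 2.4 uses `Require all denied`) does that, and adding `php_flag engine off` there stops an uploaded `.php` file from ever being executed. Two further habits help: have the admin upload script save each file under a random generated `stored_name` rather than the uploader's file name, keeping the original name only in the database, and keep the database credentials out of `mysql_connect.php` where possible, or at least confirm that the host never serves `.php` files as plain text, which is the one way a PHP file in the web root leaks its contents.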