What is the best way to secure a folder ?

Hello,

I am developing an application where people can upload images and I would like to know how to secure the folder where the images are stored ?

Is a .htaccess redirection is the best way ? And put a simple blank index.html file inside.

Thank you

 

Yes, use .htaccess and nobody will be able to access the files inside it via HTTP.

 

make the folder cant writable

 

What are you protecting against? I like the above answer, make it not writable? so how are users going to upload files to it? Browse through my blog and you can find some htaccess stuff that can protect you from low level threats. Low level is probably what you need to protect yourself from anyways.

 

Also set the names of the files inside to something that can not be easily guessed, like the MD5 sum of the file.

 

use .htpasswd as well so you can secure some folders by password

 

He doesn't need to password protect it, as users need to have access there. As I understand, they just shouldn't be able to view the folder contents and guess the file names.

 

.htaccess should do it.
But personally? If I were you I'd use .htaccess AND I'll chmod it.

 

That isn't a true way of securing anything, If someone wants access they will exploit a security hole in the software, or the server itself and that htaccess file will be a useless file on your server.

 

Oh my god, read what you said and what I said. You can't do anything from your browser if you don't have access to files via another method. Of course if you have root access the htaccess will be useless.

 

use your htaccess.

 

I think changing the CHMOD is enough to secure it.

 

Put it in a filing cabinet and lock the door.

 

You dont really want to secure the folder. You just want to stop people browsing the contents of the folder right?. In that case a blank index.html file will stop the directory listing from being displayed.

I assume you still need people to be able to connect to the folder via your webpage. If not (for example you are using php to stream the file) then you can use a htaccess file with "deny from all" to prevent any browsers from accessing any of the files inside it.(php could still read and stream the files, since its using the filesystem). And/Or make the uploads path outside of the web root folder.

 

Is it an image hosting so people can embed elsewhere, or personal image where content is kept for personal use? You might want to leech protect the files so people can't place them on other websites if it's not for hosting images to be posted elsewhere.

 

LOL! You just hit the right way. I like it.