I want to have a folder, lets call it docs, that contains documents that logged in users can download. These have very sensitive information. How can I best secure the folder. I come from a PHP background so want to know if I have overlooked anything.
I will secure the folder with .htaccess and also when the users click download they are never shown the folder. The download is forced through to them via php removing the folder name.
Of course to secure the users area I am implementing sanitation and validation on all input fields plus watching out for SQLInjections. Using an SSL connection. Turned off all php warnings. The secure area uses SESSION variables to control access and re-verify users for special tasks such as changing passwords. Plus a timeout feature of 10 minutes, after which the user has to re-enter details.
I am trying to be as thorough as possible so any advice no matter how small will be welcomed.
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…