
How to securely store files on a server

What I'm Doing:

I basically need to create a website secured by a login page written in PHP that once logged in, you have a search bar that reads integers and the data is sent to a PHP script that retrieves an image with the number as its name.

(I'll be storing a few thousand images on this server to be searched - inventory images)

-

What I need help with:

From my research, I understand that you "don't" use databases such as MySQL to store actual images because of speed and inefficiency. If you don't store it in a database, and you leave it on the server's file system as suggested, if someone types a direct URL into an address bar, wouldn't it bring them to the files on my server?

How do you protect against this? I want no files on my server to be viewable without successfully going through the login page.

Thanks for any help, any insight or suggestions would be appreciated. This is important for me because more complex information will be added in the future.

DMor asked May 10 '12 08:05


2 Answers

A recommended way of handling file downloads via PHP (or any other script) is by using the so called 'X-Sendfile' response header.

The PHP script handles the authentication and once validated it will set a few response headers together with an 'X-Sendfile' that tells the web server to deliver a file; the script ends and the web server takes over.

See here for a simple example:

http://www.jasny.net/articles/how-i-php-x-sendfile/

Ja͢ck answered Oct 02 '22 03:10
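
The flow described in the answer above, as an added example that is not part of the original answer or the linked article. It assumes Apache with mod_xsendfile (`XSendFile On`, `XSendFilePath` pointing at the image directory), images named `<number>.jpg` in a directory outside the document root, and a login script that sets `$_SESSION['user_id']`; the path and session key are hypothetical.

```php
<?php
// image.php - added example: serve an inventory image only to logged-in users.
// Assumptions (not from the original post): mod_xsendfile is enabled, images
// live outside the document root, and login sets $_SESSION['user_id'].
declare(strict_types=1);

const IMAGE_DIR = '/var/inventory-images'; // hypothetical, not web-accessible

session_start();

// 1. Authentication: without a valid session nothing is served.
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Forbidden');
}

// 2. Input validation: the search term must be digits only, so it can never
//    contain "../", a NUL byte or an alternative file extension.
$id = $_GET['id'] ?? '';
if (!is_string($id) || !preg_match('/^[0-9]{1,10}$/', $id)) {
    http_response_code(400);
    exit('Invalid image number');
}

// 3. Resolve symlinks and confirm the result is still inside the image
//    directory (defence in depth on top of the digit check).
$base = realpath(IMAGE_DIR);
$path = realpath(IMAGE_DIR . '/' . $id . '.jpg');
if ($base === false || $path === false
    || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0
    || !is_file($path)) {
    http_response_code(404);
    exit('Not found');
}

// 4. Hand the transfer to the web server: PHP sends headers only and exits;
//    mod_xsendfile reads the file and strips the X-Sendfile header.
header('Content-Type: image/jpeg');
header('Content-Disposition: inline; filename="' . $id . '.jpg"');
header('X-Content-Type-Options: nosniff');
header('Cache-Control: private, no-store');
header('X-Sendfile: ' . $path);
exit;
```

Because the image directory is outside the document root, a direct URL typed into the address bar has nothing to resolve to; the only route to a file is through this script. On nginx the equivalent header is `X-Accel-Redirect`, which takes a URI mapped to an `internal` location rather than a filesystem path.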


this may be overkill for your situation, but this is how i am thinking about doing it on an app i am developing:

first, there are 4 servers, a web server, a middleware server, and a data server

when someone sends a request to the web server, the web server connects to the middleware server and requests the file, passing along the user credential like a session key and the file requested. the middleware connects to the db and validates the session and that user's privileges to that file. it will return either an error, or the binary data if they have access. if you turn off output buffering on both the web server and the middleware server, you can send 100k blocks from the middleware server to the web server, and the web server will output the first block while it's receiving the second block.

the file itself can be stored on the database server via ftp, sftp, or other filesharing

it's definitely not as efficient as using x-sendfile, but if someone is able to pwn your web server, they will still not have access to the file - in the scenarios above, they would. the web server is the only public server, so the rest of the servers should be connected on a private network.

you can also send the data to an encryption server that will encrypt/decrypt the actual file data

if anyone has any ideas on how to improve on this, i am interested.

macdabby answered Oct 02 '22 05:10