Robert Mylne
13,708 Points
Storing PDFs securely?
I'm not sure how to store user-uploaded PDFs for my website. I want it to be secure. Can you store the file in a MySQL DB, or just the path name? Also, how do I make this secure, as it will be sensitive information?
The user will also have to be able to download their PDF from the front end, PHP, probably using Laravel :) The last answer is not super important yet. Thanks :)
2 Answers

James Barnett
39,199 Points
To help protect the files from leaking all over the web:
- store the file outside of the webroot
- use HTTPS on your upload page
- make sure to keep file permissions on the directory the pdfs are stored in tight
- encrypt the file on the system
To help protect your server from malicious uploads:
- Validate that it's a PDF using its file header
- Limit number of uploads and file size to prevent DoS
- Make sure to store the file with a different file name
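As an added illustration of the points in this answer (this is not James's code or Laravel's), a plain-PHP handler that checks the `%PDF-` header, caps the size, stores the file under a random name outside the webroot with tight permissions, records only the name in the database, and streams it back after an ownership check. It assumes a `STORAGE_DIR` outside the webroot, a `documents(owner_id, stored_name)` table and a PDO connection `$pdo`; encryption at rest is left out.

```php
<?php
// Added example, not the answer author's code. Assumed: STORAGE_DIR exists outside the webroot, a `documents(owner_id, stored_name)` table, and a PDO connection $pdo.
declare(strict_types=1);
const STORAGE_DIR = '/var/app/private_uploads'; // outside the webroot (assumption)
const MAX_BYTES   = 5 * 1024 * 1024;            // size cap, adjust to your needs

// Check the magic bytes; never trust the client-supplied name or MIME type.
function looksLikePdf(string $path): bool
{
    $fh = fopen($path, 'rb');
    if ($fh === false) { return false; }
    $head = fread($fh, 5);
    fclose($fh);
    return $head === '%PDF-';
}

// $file is one entry of $_FILES; returns the random server-side name.
function storeUploadedPdf(array $file, int $ownerId, PDO $pdo): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    if (!looksLikePdf($file['tmp_name'])) {
        throw new RuntimeException('not a PDF');
    }
    $storedName = bin2hex(random_bytes(16)) . '.pdf'; // client name never hits the disk
    $dest = STORAGE_DIR . '/' . $storedName;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0600); // readable by the application user only
    // The database stores only the name; the bytes stay on disk.
    $pdo->prepare('INSERT INTO documents (owner_id, stored_name) VALUES (?, ?)')
        ->execute([$ownerId, $storedName]);
    return $storedName;
}

// Download endpoint: verify ownership, then stream the file instead of linking to it.
function sendPdfToOwner(string $storedName, int $userId, PDO $pdo): void
{
    $stmt = $pdo->prepare('SELECT 1 FROM documents WHERE stored_name = ? AND owner_id = ?');
    $stmt->execute([$storedName, $userId]);
    if ($stmt->fetchColumn() === false) { http_response_code(404); return; }
    header('Content-Type: application/pdf');
    header('Content-Disposition: attachment; filename="document.pdf"');
    readfile(STORAGE_DIR . '/' . basename($storedName));
}
```

In Laravel the same checks map onto a form request, `Storage::disk('local')` for the private directory, and an authorization policy on the download route.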

Ken Alger
Treehouse Teacher
Robert;
Here are a couple of sites that offer a decent overview of what you are wanting to accomplish:
- AppSec Street Fighter - 8 Basic Rules to Implement Secure File Uploads
- stackoverflow - What is the most secure method for uploading a file?
Both have similar information and, while a bit dated, still offer some great suggestions regardless of the language/framework you choose.
Ken
Robert Mylne
13,708 Points
Excellent :) Thank you, I will have to look into how to integrate these all into Laravel.