4

I am new to web development and I'm learning PHP in order to sell a few binary files (shared Linux host). The site is not yet live.

My php scripts (50% borrowed code, 50% self-written, 95% fully understood) login to MySQL to READ the items for sale, and WRITE sale transaction data into another table. Functions.php, located in a subfolder of the webroot, contains the login name and password for MySQL.

Q1. This doesn't seem secure to me. How should the login/password info be stored so the scripts can access it? If functions.php was stored outside the webroot, could the .php files located in webroot #include (PHP "require_once") it? (I did try this once and my scripts broke in a way that seemed permissions-related -- if I knew it should work I'd keep plugging away at it)

Q2. I am unsure where to store the binaries that purchasers can download. Is it correct that savvy users can somehow find / download them (without paying) if I just store them in a subfolder of the webroot? Is it possible to use a .htaccess file to block access to the "binaries" folder within the webroot? Can black-hats get at / modify a .htaccess file?

Q3. Would it be a better idea to store the binaries (max=4Mb) in a MySQL table and copy them from there to a temp file in webroot before each download, then delete?

Q4. Can anyone recommend a set of scripts that manages this sort of thing that I could review / modify rather than reinventing the wheel?

Thanks

Improve this question
1
  • A note on inclusion security; a great practice (I think) in PHP is to define a constant such as INCLUDE_SECURE in your bootstrap (index.php for example) and test for it's existence at the top of each included file. defined('INCLUDE_SECURE') or exit; can put your mind at ease, knowing no sensitive data can be accessed outside of the bootstrap scope. Commented Jun 12, 2011 at 17:41

2 Answers 2

Reset to default
2

Q1 - Your MySQL password and other application specific settings should be stored in a separate file outside of your webroot. You can either put it out of webroot directly or restrict it via .htaccess. You can include the file or read from it as long as you know the path.

Q2 - The binaries should also be stored outside of the webroot. The ideal way to serve them would be to have them downloadable via a PHP file. This way you can do authentication before the file is served and you can make the links temporary so that users can't share it with other people

Q3 - If you use the above method, you don't need to store it as a BLOB in MySQL

Q4 - I haven't really come across anything that does and is a library/autonomous script. Serving them via the correct headers shouldn't be too difficult though.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Helpful and detailed response. Thanks.
1

Not sure if best practice, but this is how I'd approach it:

Q1: I store MySQL login information, along with local paths and other settings, in a config.inc.php file outside of the web root. I can then include that at the start of each script. I also use a database.inc.php which connects to MySQL and selects the database (plus a few database functions). In theory it isn't insecure inside the web root as being called directly will only execute the PHP, not display the contents of it. Storing an XML config or similar is different however!

Q2: If downloadable binaries are stored within the web root then they could be downloaded if the right URL is discovered. Instead they should be stored outside the web root, and a PHP "gateway" script serves the contents of those files if the request meets the right conditions. You may want to store a token with each purchase in your database, and only valid tokens are permitted to download the files. An example of a download script is here.

Q3: I believe it's better to use the file system to store files, rather than a database. It won't improve security over my answer to Q2 if that's what you mean.

Q4: You could try existing shopping cart software. Magento supports downloadable products.

Hope that helps

Improve this answer

4 Comments

Thanks very much for your reply. Good ideas. I'll look at that download script right away.
I don't understand the term "PHP gateway script". Is that a function that simply copies a "to-be-downloaded" binary into the webroot (using a temp name) so that another function can send it to the user's browser and then delete it from webroot? (Just a WAG)
regarding Q1, the reason it isn't secure inside the webroot is because if the apache or IIS configuration changes so that PHP is no longer executed (it's a single line in apache's config to disable it), then the web server will not execute php AND it'll print it out as plain text. This is VERY bad if you have things in that PHP code that you don't want people to see.
By "PHP gateway script" I mean a PHP script that will read the binary file from outside of the web root into memory and stream it to the client.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.