
I need to allow users to upload files with sensitive data to a server, then invite other authenticated users to access specific files.

This is my proposed solution:

Each user will have his own folder to which he uploads files, and the parent folder will have an .htaccess with deny all to block direct access. (This already works well.)

Then, an invited user will get a generated SHA1 invitation id and the url will be something like download/[sha1]/file and I can then use my controller to check if this invitation exists in the database for this authenticated user. If it does, I get the file and based on the file extension I give the appropriate header for file download.

ex:

localhost/[whatever]/download/[some_hash]/test.txt

invitation_table
invite_id         - unique ID
invite_token      - sha1 which will be generated by his unique email concatenated with other data
invite_invited    - logged user invite
invite_user       - user who invited the user

Based on the hash, I query the db and get the invite_user data and then I know in which directory I have to get the file because there can be multiple files on the server with the same name in different directories.

Is this a good approach?

Xander
ka_lin

1 Answer


Your use of SHA-1 is somewhat risky. A scheme based on hashed tokens, like you propose, can be done securely. However, there are various subtleties to doing it right. Considering you are going to do a database lookup for each file access, there is no need to rely on hash tokens.

Instead I suggest a much simpler system where the invitation_table simply consists of file_id and user_id. When a file owner invites a user, add a row to the table. When a user requests a file, check whether the requesting user has an entry in the table for that file_id.

paj28
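The ACL-table design from the answer, as an added example that is not code from the question or the answer: an in-memory SQLite schema with a `files` table keyed by `file_id` (so two owners can each have a `test.txt` without confusion) and an `invitations` table of `(file_id, user_id)` rows. The table and column names, the sample users and the `/srv/uploads/...` paths are assumptions constructed for the example; the download decision is a database lookup on the authenticated user, with no secret carried in the URL.

```python
import sqlite3

# Added example: the answer's (file_id, user_id) invitation table.
# Schema, sample rows and paths are constructed for illustration.
SCHEMA = """
CREATE TABLE users (user_id INTEGER PRIMARY KEY, email TEXT UNIQUE NOT NULL);
CREATE TABLE files (
    file_id      INTEGER PRIMARY KEY,
    owner_id     INTEGER NOT NULL REFERENCES users(user_id),
    stored_path  TEXT NOT NULL,   -- server-side path, never exposed to clients
    display_name TEXT NOT NULL    -- name sent in the Content-Disposition header
);
CREATE TABLE invitations (
    file_id INTEGER NOT NULL REFERENCES files(file_id),
    user_id INTEGER NOT NULL REFERENCES users(user_id),
    PRIMARY KEY (file_id, user_id)  -- one row per (file, invited user)
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Constructed sample data: two different owners each uploaded a "test.txt".
    db.executemany("INSERT INTO users VALUES (?, ?)", [
        (1, "alice@example.com"), (2, "bob@example.com"), (3, "carol@example.com")])
    db.executemany("INSERT INTO files VALUES (?, ?, ?, ?)", [
        (10, 1, "/srv/uploads/1/test.txt", "test.txt"),
        (11, 2, "/srv/uploads/2/test.txt", "test.txt")])
    return db

def invite(db, owner_id, file_id, invitee_id):
    """Owner grants access: only the file's owner may add an invitation row."""
    row = db.execute("SELECT owner_id FROM files WHERE file_id = ?", (file_id,)).fetchone()
    if row is None or row[0] != owner_id:
        return False
    db.execute("INSERT OR IGNORE INTO invitations VALUES (?, ?)", (file_id, invitee_id))
    return True

def authorize_download(db, user_id, file_id):
    """Return (stored_path, display_name) if user_id may read file_id, else None.

    The owner always may; any other authenticated user needs an invitation row.
    The controller would then stream stored_path with the appropriate headers."""
    return db.execute(
        "SELECT f.stored_path, f.display_name FROM files f "
        "LEFT JOIN invitations i ON i.file_id = f.file_id AND i.user_id = ? "
        "WHERE f.file_id = ? AND (f.owner_id = ? OR i.user_id IS NOT NULL)",
        (user_id, file_id, user_id)).fetchone()
```

The request handler only needs the session's user id and the `file_id` from the URL; nothing in the URL has to be secret, so it can be logged and bookmarked without granting access to anyone else.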