3 Replies - 451 Views - Last Post: 17 April 2013 - 09:03 PM Rate Topic: -----

#1 Slice  Icon User is offline

  • sudo pacman -S moneyz


Reputation: 245
  • View blog
  • Posts: 719
  • Joined: 24-November 08

Downloading files: Risks, Security and File Types.

Posted 17 April 2013 - 05:47 AM

Hey everyone. So I'm working on a website to host files for download.

I have several different file types, which is causing some issues. For example, an executable program I wrote downloads fine, I just have to link to it via '<a href=' and it allows me to save the file.

However, I also have some small php scripts I would like to host, but the browser obviously treats it as a page when you link to a php file. Is there a way to force the browser into making a download? I considered just writing the code out on the page and allowing people to copy and paste but the format is messed up and has white spaces etc.

I have some zips of scripts that require more than one file and need to be kept in file structure, but ziping seems unnecessary for one file.

Onto the next issue: Security

My server won't last 5 minutes if some malicious person sets a bot to constantly download all my files, yet I don't want to set up something like a captcha for every single download. What is the best security method for hosting downloads? Are there any major risks I have to be working against?

Most download sites use a timer before the download starts. Is this a security measure or a "go pro to remove wait time" incentives?

Just to put any suspicious minds at ease, I'm making this site to host all my own work that is free for people to download and use as they wish. Nothing dodgy or illegal.

Any tips or links to resources would be greatly appreciated.

Is This A Good Question/Topic? 0
  • +

Replies To: Downloading files: Risks, Security and File Types.

#2 Dormilich  Icon User is offline

  • 痛覚残留
  • member icon

Reputation: 3576
  • View blog
  • Posts: 10,442
  • Joined: 08-June 10

Re: Downloading files: Risks, Security and File Types.

Posted 17 April 2013 - 06:29 AM

Quote

I have several different file types, which is causing some issues. For example, an executable program I wrote downloads fine, I just have to link to it via '<a href=' and it allows me to save the file.

However, I also have some small php scripts I would like to host, but the browser obviously treats it as a page when you link to a php file. Is there a way to force the browser into making a download?

no.

simply because the browser is not responsible for the incoming HTTP Response (i.e. the PHP output). thus the browser can only react based on the given HTTP headers.

what you need to do is to set up the server to tell that the script should be downloaded. the key variables here are the HTTP headers, specifically the MIME-Type related ones, esp. the Content-Disposition header.

btw., a standard PHP page has the text/html Content-Type header, that’s why it is normally loaded into the browser.

This post has been edited by Dormilich: 17 April 2013 - 06:31 AM

Was This Post Helpful? 1
  • +
  • -

#3 creativecoding  Icon User is offline

  • Hash != Encryption
  • member icon


Reputation: 928
  • View blog
  • Posts: 3,212
  • Joined: 19-January 10

Re: Downloading files: Risks, Security and File Types.

Posted 17 April 2013 - 08:37 PM

The key here is to not actually link people to the actual file, but to link them to a processing page. From there you can regulate downloads and prevent bots from scraping your site (I would advise a download limit, once reached will present a captcha required to download the file). You can even go the extra mile to use mod_rewrite with htaccess in order to make all of your previous links work and to possibly make URLs prettier.
Was This Post Helpful? 2
  • +
  • -

#4 CTphpnwb  Icon User is online

  • D.I.C Lover
  • member icon

Reputation: 3100
  • View blog
  • Posts: 10,889
  • Joined: 08-August 08

Re: Downloading files: Risks, Security and File Types.

Posted 17 April 2013 - 09:03 PM

View PostDormilich, on 17 April 2013 - 09:29 AM, said:

btw., a standard PHP page has the text/html Content-Type header, that’s why it is normally loaded into the browser.

Uh, what's a PHP page?
:whistling:

I know it seems like I'm nit picking, but I think beginners are better off when they learn that pages are sent to the browser and PHP scripts are run on the server.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1