How to protect user files?

A

Artem2019-09-08 17:05:06

PHP

Artem, 2019-09-08 17:05:06

Users of the service have the ability to upload scanned documents, these documents can only be opened by administrators a key that can be revoked a little.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

X

xmoonlight, 2019-09-08
@Artso

1. Encrypt the file on the frontend with the public key of the server before sending it directly.
2. When viewing a file (downloading) - we give it through the internal API, which decrypts the file with a private key, but only one trusted person has access to the code of this API (+ private key) .
3. Each administrator receives his own access token to this API, which determines access to view specific files (by clients, groups, etc.).

I

index0h, 2019-09-08
@index0h

Decide who you want to protect yourself from.
If from unauthorized access - read about Nginx-Accel and give files only to users with access.
If from accessing files directly - store in a database with AES encryption.
If you need a direct anal fencing and a lot of money - read about access key servers + industrial pyrotechnics.

A

Arris, 2019-09-12
@Arris

How to protect user files from whom ?