It depends on what you want. Does each file belong to a single user, and would it be bad if one user accessed the files of another? If a person with access to a file passed the link to another, unauthorized person, would that be a problem? Etc.
Some comments on your proposals:
- Use `robots.txt` to avoid indexing by search engines.
This will only prevent crawlers from indexing your files; it will have no effect on crawlers that do not respect it (if any), nor will it prevent any particular user from accessing those files. Not that it's bad to do that, it's just not enough...
Similarly, preventing your webserver from returning indexes (e.g. accessing `dominio.com/uploads/` gives you a list of all files in `uploads`), by disabling the `Indexes` option, also helps make it harder for a visitor to find out what files are there, but it also does not prevent someone with a link from downloading the file.
- Give complex names to files in order to avoid downloading by trial and error.
This may be an appropriate technique, depending on your security requirements (see the beginning of this answer). One way to implement this is to create a link containing a UUID and/or the hash of the file, and allow anyone who has access to the link to download the file. Of course, your PHP will only deliver the link to logged-in users, and if one of them passes on or publishes the link, it's not much different from just copying the file and delivering it to third parties...
(The biggest problem with this technique is "public relations": we know that "guessing" a UUID is totally impractical, but people without technical knowledge tend to think "ah, but what if someone finds the link? Wouldn't password protection be more secure?"...)
- Protect folder with .htpass and .htaccess (I do not know what impact this has afterwards on PHP's access to the folder).
I have no experience with PHP, but I think there is no impact whatsoever on its access to the folder (this is more a matter of Apache's `Directory`). As for effectiveness, assuming you are using HTTPS and your webserver is properly configured (not exposing `.ht*` files to users, which is the default in Apache), it is a relatively safe approach. The only problems, according to this answer on security.SE, are usability (not exactly user-friendly) and the lack of stronger protection against brute-force attacks.
- Modify the system and replace the direct link with a download button, so the directory is not exposed.
This is the most "guaranteed", yet boring, and possibly worst-performing (not necessarily unacceptable) way. It would be necessary to keep the `uploads` folder inaccessible (the means does not matter: put it outside `public_html`, use `.htaccess`, use `mod_rewrite`, etc.) and create an access script such as the `downloads.php` suggested in Lollipop's answer, with the use of `header`.
(Update: the performance of this second part can be greatly improved by using mod_xsendfile; more details here.)
Once you've done this, you have full control over the form of authentication, applicable throttles, etc. Most likely this is the safest way and it provides the best user experience. If any of the above options are not "good enough" for your specific requirements, this is the way I would suggest.
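
A sketch of the mediated download described in the last option (login check, per-user ownership check, then hand-off via `header`), added here as an example; it is not code from this answer or from Lollipop's answer. The `UPLOAD_DIR` path, the `user_id` session key, the `USE_XSENDFILE` switch and the `find_upload()` lookup with its constructed record are assumptions.

```php
<?php
// downloads.php (illustrative; every name and path below is an assumption)
session_start();

// Canonical path of a folder kept outside the web root.
const UPLOAD_DIR = '/var/www/private/uploads';
// True only if mod_xsendfile is enabled (XSendFile On, XSendFilePath set).
const USE_XSENDFILE = false;

// Hypothetical lookup from an opaque id to owner and stored file name.
// A real application would query its own database; this record is constructed.
function find_upload(string $id): ?array {
    $constructed = [
        '3f2b8c1e-9a4d-4c7e-8f10-2b6d5e7a9c01' =>
            ['owner' => 42, 'stored' => 'a1b2c3.bin', 'name' => 'report.pdf'],
    ];
    return $constructed[$id] ?? null;
}

function deny(int $status): void { http_response_code($status); exit; }

// 1. Only logged-in users get any further.
$userId = isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : null;
if ($userId === null) deny(401);

// 2. Accept only a UUID-shaped id; never a file name or path from the client.
$id = $_GET['id'] ?? '';
if (!is_string($id) || !preg_match('/^[0-9a-f-]{36}$/', $id)) deny(400);

// 3. Same 404 for "no such file" and "not your file", so ids cannot be probed.
$file = find_upload($id);
if ($file === null || $file['owner'] !== $userId) deny(404);

// 4. Resolve symlinks and ".." and confirm the result is still inside UPLOAD_DIR.
$path = realpath(UPLOAD_DIR . '/' . $file['stored']);
if ($path === false || strpos($path, UPLOAD_DIR . '/') !== 0) deny(404);

header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode($file['name']));

if (USE_XSENDFILE) {
    header('X-Sendfile: ' . $path);   // Apache streams the file; PHP exits early
} else {
    header('Content-Length: ' . filesize($path));
    readfile($path);                  // PHP streams the file itself
}
```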