一些用户在那里上传存储在目录中的机密合同/协议文件/var/www/html/project/public/contract/<HERE_UNIQUE_FILES.pdf>
。
但问题来自谷歌搜索或直接链接,任何未经授权的用户都可以打开它并查看/复制它。
我该如何保护它,以便只有我的域或允许的对等方只能访问此私有目录?
例子:
class Application_Model_Uploader
{
public static function mvUploadContract()
{
/* Anyone from outside can access this path, but how to protect it? */
$target_path = APPLICATION_PATH . "/../public/contract/";
$target_path = $target_path . basename( $_FILES['contractfile']['name']);
if(move_uploaded_file($_FILES['contractfile']['tmp_name'], $target_path))
{
$result = true;
}else{
$result = false;
}
}
}