
Can secret URLs be used to protect files?

@Frith620

Posted in: #Download #Htaccess

I would like to know if I can offer private downloads in my website (only available to certain users) by placing all the files in a /download folder and make sure it doesn't show the index of all the files with the .htaccess option: Options -Indexes.

That way, only users with the complete address of the file would be able to download a certain file.

Is there any problem with this method?




3 Comments


@Heady270

If you want to make it difficult for users to download files meant for other people, then using random names is probably good enough. But it will only make it difficult, it won't prevent any of the following:


A user sharing their download link with others
Search engines indexing the download links that they are able to find
Somebody figuring out the pattern you use and downloading other files


"Secret" URLs tend to leak in some surprising ways. For example, if one of your downloads is opened in a browser window and somebody clicks on a link in it (maybe even in a PDF), the browser will send the secret URL as a referrer to the site that was clicked on.

I wouldn't rely on secret file names for any files that contain data that the user would be upset about having shared with others.

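One way to do what this answer recommends, as an added example that is not from the thread: a download handler that checks the requesting user's session and a per-file access list instead of relying on the path being secret. The session table, access list and file contents below are constructed placeholders standing in for a real session store and the /download folder.

```python
import hmac

# Constructed sample data: session token -> user, file -> users allowed to fetch it.
SESSIONS = {"tok-alice-123": "alice", "tok-bob-456": "bob"}
ACL = {"report-q1.pdf": {"alice"}, "invoice-77.pdf": {"alice", "bob"}}
# Stands in for the files on disk; a real handler would read from the download folder.
FILES = {
    "report-q1.pdf": b"%PDF-1.4 constructed report",
    "invoice-77.pdf": b"%PDF-1.4 constructed invoice",
}


def lookup_user(token):
    """Map a session token to a user, comparing in constant time."""
    for known, user in SESSIONS.items():
        if hmac.compare_digest(known, token or ""):
            return user
    return None


def serve_download(name, session_token):
    """Handle GET /download/<name>; returns (status, headers, body)."""
    # Reject anything that is not a plain file name, so a request can never
    # escape the download folder when the body is read from disk.
    if not name or "/" in name or "\\" in name or name in (".", ".."):
        return 404, {}, b""
    user = lookup_user(session_token)
    if user is None:
        # No valid session: the URL alone is worthless to whoever it leaked to.
        return 401, {"WWW-Authenticate": 'Bearer realm="downloads"'}, b""
    if user not in ACL.get(name, set()):
        # Same answer for "not allowed" and "does not exist", so a user who
        # guesses a naming pattern cannot confirm which other files are there.
        return 404, {}, b""
    headers = {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{name}"',
        # Keep shared caches and search engines from retaining or listing it.
        "Cache-Control": "private, no-store",
        "X-Robots-Tag": "noindex, nofollow",
    }
    return 200, headers, FILES[name]
```

Because authorisation is tied to the session rather than to the URL, a shared or referrer-leaked link only yields a 401 for anyone who is not logged in as an allowed user.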

@Angela700

As John mentioned, this is simply security through obscurity. What that means is it's basically not security at all.

Once somebody knows the URL for one of the files there is nothing you can do to stop them sharing it and giving it to other people. Then anyone can download it and you can't stop them.

Also, if somebody downloads several files, they may be able to determine a naming convention. Perhaps your files are called file1, file2, file3 etc... Once someone learns there is a pattern they could enumerate the rest of your files.

Failing that, unless your file names are incredibly random, someone could simply write a script to brute force guess your file names.

The point is, if you need them to be secure, make them secure. By hiding them (obscuring them) you are not making them secure. Obscurity is not security.


@Sarah324

This is called "security by obscurity". This is essentially no security at all.


Security through obscurity is a pejorative referring to a principle in security engineering, which attempts to use secrecy of design or implementation to provide security. A system relying on security through obscurity may have theoretical or actual security vulnerabilities, but its owners or designers believe that if the flaws are not known, then attackers will be unlikely to find them. A system may use security through obscurity as a defense in depth measure; while all known security vulnerabilities would be mitigated through other measures, public disclosure of products and versions in use makes them early targets for newly discovered vulnerabilities in those products and versions. An attacker's first step is usually information gathering; this step is delayed by security through obscurity. The technique stands in contrast with security by design and open security, although many real-world projects include elements of all strategies.

Security through obscurity has never achieved engineering acceptance as an approach to securing a system, as it contradicts the principle of "keeping it simple". The United States National Institute of Standards and Technology (NIST) specifically recommends against security through obscurity in more than one document. Quoting from one, "System security should not depend on the secrecy of the implementation or its components."

It is analogous to a homeowner leaving the rear door open, because it cannot be seen by a would-be burglar.
