I'm working on creating a web enabled, FTP site similar to Yahoo's Briefcase application. The problem is that I need to upload the files to a directory that is not accessible from the web. In ColdFusion i'm able to do something like this using the CFFILE function for storing uploaded files, and CFCONTENT function to present the file from a private location.
I want to make sure that I don't open myself to too much danger of hacking, but I do want to allow the files to be uploaded from the web to a non-webaccessible location. Then I can secure access to them through application security. Any ideas on how this could work?
One idea that I haven't had a chance to try out would be to use htaccess security on the directory that will house the files. I believe that PHP has a way of accessing those login variables to essentially log itself into the secured directory and get the files. I haven't done any work on this idea yet.
Any suggestions on this topic would be great. I don't anticipate this being a very heavy traffic site, and will probably be using it for my own personal use. I just don't want to be wide open security wise.
Thanks,
Nate
