Securing file transfer

Axel5

Hi, i'm new in PHP and i am developing a site where users can send files using this method:

upload.php

:
$upfile=$HTTP_POST_FILES['userfile']['name'];
copy($HTTP_POST_FILES['userfile']['tmp_name'],$upfile)
:

but i dont know how secure that transfer, i hope someone can help me or tell me where can i read about that. Thanks!!!!

tomwerner

what sort of protection are you seeking? Do you mean encrypting it during transfer over the internet or are you more worried about something happening at the server? If it is the latter then I think as long as you clear up (delete the tempory upload files) and keep your uploaded documents in a secured folder (out of the public tree and preferrably secured by .htaccess if available) you will be ok.

The only way , I can think of, to secure it during transit over the internet is to use an encrypted connection. This is similar to what online stores use to protect card details. Get in contact with your ISP if you are unsure whether you have been given [url]https://[/url] space, if the space is free there might be a chance in a million you have it, if you have a cheap package then you may have it.

I wouldn't reccomend putting together your own encryption script as even if it is possible it would increase the load on your server (which is not desirable).

bad76

"secure" a transfer?
You talk about a https transfer or you have to know if file is right posted ?

[edit]
wow, my client has submitted some copy of this...
about 4...

Axel5

I need somothing about encrypting it during transfer, i know something about sign a file and send it to secure that file and nobody can see what i sending, but i dont know how do that 😕

laserlight

Well, I think you should check out the secure http option, I'm not too familiar with it myself but I think it will help you.

Conversely, you could try encryption using the mcrypt library with PHP.

Axel5

Ok, laserlight ill check it. anyone?🙂