theblack68

How to Test a Security Download

Hello... I have created an application with Laravel.

Among other things, this application allows you to view pdf files. In order to do this, you must have special requirements.

I created a path in storage/app/upload where the files to show are taken from.

In the controller that takes care of recovering the right one, I have this snippet in the show method:

return response()->download(storage_path('app/upload/' . $file->path . '/' . $file->filename), null, [], null);

I made everything safe through a dedicated middleware and I did some tests to see if you have direct access and everything seems to be working properly.

This is a link to test: https://aipvservice.com/admin/files/1

Is it the correct solution or could someone access it anyway?

Thanks for any advice ;)

Snapey

Yes, this should be correct provided you host the site correctly with only the public folder visible from the outside.
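
The snippet in the question builds the file path by concatenating `$file->path` and `$file->filename` under `storage/app/upload`. As an added example (not code from this thread or from Laravel), this is one check that could run before `response()->download()` to confirm the resolved file really sits inside the upload directory; `resolveUpload()` is a hypothetical helper and the temporary directory layout is constructed for the demonstration.

```php
<?php
// Added example: confine a download path to the upload directory.
// resolveUpload() is a hypothetical helper, not part of Laravel.

function resolveUpload(string $baseDir, string $path, string $filename): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null; // upload directory does not exist
    }
    // realpath() resolves "..", "." and symlinks, and returns false for a missing file.
    $full = realpath($base . DIRECTORY_SEPARATOR . $path . DIRECTORY_SEPARATOR . $filename);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // The resolved file must sit below the base directory, not merely share a name prefix.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// Constructed sample layout in a temp directory, standing in for storage/app.
$root = sys_get_temp_dir() . '/dl_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/upload/reports', 0700, true);
file_put_contents($root . '/upload/reports/a.pdf', '%PDF-1.4 constructed');
file_put_contents($root . '/outside.txt', 'constructed file outside upload/');

// Constructed (path, filename) pairs as they might be stored on a file record.
$cases = [
    ['reports', 'a.pdf'],
    ['reports', '../../outside.txt'],
    ['..', 'outside.txt'],
    ['reports', 'missing.pdf'],
];
foreach ($cases as [$path, $filename]) {
    $full = resolveUpload($root . '/upload', $path, $filename);
    echo $path . '/' . $filename . ' => ' . ($full === null ? 'refused' : 'served') . PHP_EOL;
}

// In the controller's show method this would be used as (assumption about the app's code):
//   $full = resolveUpload(storage_path('app/upload'), $file->path, $file->filename);
//   abort_if($full === null, 404);
//   return response()->download($full, null, [], null);

// Remove the constructed files again.
unlink($root . '/upload/reports/a.pdf');
unlink($root . '/outside.txt');
rmdir($root . '/upload/reports');
rmdir($root . '/upload');
rmdir($root);
```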
