ZendFramework - 如何保護公開/目錄中上傳的機密文件？

Question

有些用戶上傳那些存儲在目錄/var/www/html/project/public/contract/<HERE_UNIQUE_FILES.pdf>中的機密合同/協議文件。

但問題來自谷歌搜索或直接鏈接任何未經授權的用戶可以打開它並查看/複製它。

我該如何保護它，以便只有我的域或允許的對等方纔能訪問此私有目錄？

例子：

class Application_Model_Uploader 
{ 

    public static function mvUploadContract() 
    {  
     /* Anyone from outside can access this path, but how to protect it? */ 
     $target_path = APPLICATION_PATH . "/../public/contract/";   
     $target_path = $target_path . basename($_FILES['contractfile']['name']); 
     if(move_uploaded_file($_FILES['contractfile']['tmp_name'], $target_path)) 
     { 
      $result = true; 
     }else{ 
      $result = false; 
     } 
    } 
} 

Answer 1

把文件從公共目錄中，並使用PHP授權用戶後串流。

if (is_authorized($user)) { 
    header('Content-Description: File Transfer'); 
    header('Content-Type: application/octet-stream'); 
    header('Content-Disposition: attachment; filename='.basename($path_to_file_outside_public)); 
    header('Content-Transfer-Encoding: binary'); 
    header('Expires: 0'); 
    header('Cache-Control: must-revalidate'); 
    header('Pragma: public'); 
    header('Content-Length: ' . filesize($path_to_file_outside_public)); 

    readfile($path_to_file_outside_public); 
}