How to securely store files on a server

Question

What I\'m Doing:

I basically need to create a website secured by a login page written in PHP that once logged in, you have a search bar that reads i

Answer 1

this may be overkill for your situtation, but this is how i am thinking about doing it on an app i am developing:

first, there are 4 servers, a web server, a middle ware server, and a data server

when someone sends a request to the web server, the web server connects to the middleware server and requests the file, passing along the user credential like a session key and the file requested. the middleware connects to the db and validates the session adn that users privileges to that file. it will return either an error, or the binary data if they have access. if you turn off output buffering on both the web server and the middleware server, you can send 100k blocks from the middleware server to the web server, and the web server will output the first block while it's receiving the second block.

the file itself can be stored on the database server via ftp, sftp, or other filesharing

it's definitely not as efficient as using x-sendfile, but if someone is able to pwn your web server, they will still not have access to the file - in the scenarios above, they would. the web server is the only public server, so the rest of the servers should be connected on a private network.

you can also send the data to an encryption server that will encrypt/decrypt the actual file data

if anyone has any ideas on how to improve on this, i am interested.