I am creating a software-as-a-service Content management systems, and I wish to allow customers to upload static files to create the website.

I am searching for top tips regarding how to safely permit them to upload files inside a domain-routed atmosphere. I believed to produce a random directory on their behalf (some short hash) and also have it run such as this...

They'd have FTP accounts produced on their behalf instantly.

  1. Web client demands /css/style.css
  2. Server inspections to ascertain if /f23082j/css/style.css is available (hash is associated with domain in some way)
  3. Whether it does, then serve it
  4. Whether it does not, select from the issue all rewrite rule which PHP accumulates

I'd only serve common extension demands (css, js, digital, etc.) and hang AllowOverride None during my primary .htacccess file.

Wouldso would Time passes about carrying this out? I am wishing I'm able to do that in the server level, without having to involve PHP. The atmosphere is Linux (CentOS) Apache/cPanel based, therefore if I have to dynamically update a config file with one of these rules then that might be okay, but I am unsure how good that will scale to 1000's of customers...

Any suggestions? A PHP-based upload is really a last measure.