Here is a nice article/list about image protection:
http://www.naturefocused.com/articles/image-protection.html
For testing you can create a subdomain on you website like img.yourdomain.com and to play directly / testing the rules that you want to implemet there, and set root folder for img.yourdomain.com like /app/webroot/img/uploads/ .
On Friday, May 24, 2013 6:52:38 AM UTC+2, advantage+ wrote:
--The point is for example (not comparing to Facebook / or any site that has images / files) but you cannot go to facebook.com/profiles/uploads/
images and view all images its protected, server gets image location and sends it out to the "view" when needed.
I do not want the folder "files" are uploaded to be accessed.
If I put the"upload" folder outside webroot CakeRequest::file just spits out the image / file to the browser….. I do not want that.
I need to pull from the folder and display it as if it was coming from img folder as normal.
You do not want anyone to go to site.com/img/uploads/ and have full access to browse thru all your files / images / uploads
From: cake...@googlegroups.com [mailto:cake...@googlegroups.
com ] On Behalf Of André Luis
Sent: Thursday, May 23, 2013 9:27 AM
To: cake...@googlegroups.com
Subject: Re: Directory Protection
Just a suggestion, but why dont you create a images folder on the root of the server, them create a controller wich read the image and outputs to browser? It would be protected...
It would be like you create /app/images and upload the files to this folder, them only cake would have access, but for a better security, the root folder is advised.
Em quarta-feira, 22 de maio de 2013 23h08min56s UTC-3, advantage+ escreveu:I have an" img/uploads" folder which has users profile images and such.
How do you go about protecting the folder so there is no access except when Cake gets the images?
So anyone can't just browse thru the directory?
Google search turned up MediaView so put the uploads outside of webroot, but
" As of 2.3 MediaView is deprecated and you can use CakeResponse::file() to send a file as response:"
Should it be set to use CakeResponse::file($path, $options = array())
Allows you to set a file for display or download
If so is there a simple example out there showing exactly how this would get the files and server it up?
$image = CakeResponse::file('where/
file/is/here.jpg , $options = array())$this->Controller->set('image'
, $image);
Thanks,
Dave
--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
---
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+u...@googlegroups.com .
To post to this group, send email to cake...@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php?hl=en .
For more options, visit https://groups.google.com/groups/opt_out .
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
---
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscribe@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
No comments:
Post a Comment