Thursday, May 23, 2013

RE: Directory Protection

The point is for example (not comparing to Facebook / or any site that has images / files) but you cannot go to facebook.com/profiles/uploads/images and view all images its protected, server gets image location  and sends it out to the "view" when needed.

 

I do not want the folder "files" are uploaded to be accessed.

If I put the"upload"  folder outside webroot CakeRequest::file just spits out the image / file to the browser….. I do not want that.

 

I need to pull from the folder and display it as if it was coming from img folder as normal.

 

You do not want anyone to go to site.com/img/uploads/ and have full access to browse thru all your files / images / uploads

 

 

 

From: cake-php@googlegroups.com [mailto:cake-php@googlegroups.com] On Behalf Of André Luis
Sent: Thursday, May 23, 2013 9:27 AM
To: cake-php@googlegroups.com
Subject: Re: Directory Protection

 

Just a suggestion, but why dont you create a images folder on the root of the server, them create a controller wich read the image and outputs to browser? It would be protected...

 

It would be like you create /app/images and upload the files to this folder, them only cake would have access, but for a better security, the root folder is advised. 


Em quarta-feira, 22 de maio de 2013 23h08min56s UTC-3, advantage+ escreveu:

I have an" img/uploads" folder which has users profile images and such.

 

How do you go about protecting the folder so there is no access except when Cake gets the images?

So anyone can't just browse thru the directory?

 

Google search turned up MediaView so put the uploads outside of webroot, but
" As of 2.3 MediaView is deprecated and you can use CakeResponse::file() to send a file as response:"

 

Should it be set to use CakeResponse::file($path, $options = array())

Allows you to set a file for display or download

 

If so is there a simple example out there showing exactly how this would get the files and server it up?

 

$image = CakeResponse::file('where/file/is/here.jpg, $options = array())

$this->Controller->set('image', $image);

 

Thanks,

Dave

 

--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
 
---
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscribe@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)