Images or Docs are broken

Hi there, how are you.

I am working on docs / images uploading. For some security reasons I must upload images or docs to a folder that must be in the app root, not in the webroot folder. The folder name is abc_docs, and in the abc_docs folder there is a folder with the name of the user_id, like 1295. So I just created the folder abc_docs and uploaded the files or images successfully.

But now it's the turn for showing them … and they are broken. The message is that the image cannot be loaded. So I just copied the link and pasted it, like http://localhost/myproject/app/abc_docs/1234/a1c4s5d.jpg, in the address bar and pressed enter. Then CakePHP gives me an error that you should make a method in appcontroller.php of abc_docs and view … etc.

I hope you understand my question. So tell me what I am doing wrong, or whether there are other suggestions.

If the docs folder is not under webroot, then you will not be able to access them directly with any URL. This is presumably the entire point of the security? You will instead need to write a controller method that checks for the right access, then sends the image from the secure folder. Each of those pieces should be well covered elsewhere.

May we know what specific security reasons?
I think you might be overthinking it because if the client loads the image, the client basically has the image.
So I wonder what specific security reasons you had in mind…

I was assuming it’s something like private documents where the client should definitely be able to see them (and do whatever they want with them), but nobody else should be able to access them. Like designs from an architectural firm or web developer, ticket stubs, account statements. Loads of perfectly valid possibilities, I’d say that most of my projects involve something like this.

First, for highly secure documents I would consider using a service.

However to save me typing, see best answer here.

https://laracasts.com/discuss/channels/general-discussion/how-to-protect-images-and-files

Just adapt to CakePHP. A unique folder name that only that user knows may be a good solution.

  • not /bob
  • but /b9123sdf11qa

Something like that.

This is security by obscurity, not something I’d advise (I’ve actually had issues with this in the past).
In the post you have sent, I think the 3rd option from Snapey would be the best bet.

Sorry … can’t tell this

Yes … something like this … so is there any possibility … or can I ask another question for folder security

Well, then I think the symlinks are the best way to go honestly…

As I said, write a controller method that checks for the right access, then sends the image from the secure folder. Each of those pieces should be well covered elsewhere.

Thanks a lot @Zuluru … it's done … thanks for your time
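
The controller approach recommended in the thread, as an added example that is not code from any of the posters: a CakePHP action that checks ownership and then streams the file from abc_docs outside the webroot. It assumes CakePHP 4 with the cakephp/authentication plugin loaded in AppController, that the logged-in user's identifier is the folder name, and that `ROOT` is the app root holding abc_docs; the `DocsController` name, the route and the extension allow-list are hypothetical.

```php
<?php
declare(strict_types=1);

namespace App\Controller;

use Cake\Http\Exception\ForbiddenException;
use Cake\Http\Exception\NotFoundException;

// Added example. Assumed route: /docs/view/{userId}/{filename}
class DocsController extends AppController
{
    public function view(string $userId, string $filename)
    {
        // 1. Validate both URL parts before they touch the filesystem:
        //    numeric folder, single file name with an allow-listed extension.
        $nameOk = preg_match('/\A[A-Za-z0-9_-]+\.(jpe?g|png|gif|pdf)\z/', $filename);
        if (!ctype_digit($userId) || !$nameOk) {
            throw new NotFoundException();
        }

        // 2. Authorization: a logged-in user may only read their own folder.
        //    (Assumes the Authentication component from cakephp/authentication.)
        $identity = $this->Authentication->getIdentity();
        if ($identity === null || (string)$identity->getIdentifier() !== $userId) {
            throw new ForbiddenException();
        }

        // 3. Resolve symlinks and ".." and confirm the result is still
        //    inside this user's directory under abc_docs.
        $base = realpath(ROOT . DS . 'abc_docs' . DS . $userId);
        $path = realpath(ROOT . DS . 'abc_docs' . DS . $userId . DS . $filename);
        if ($base === false || $path === false
            || strpos($path, $base . DS) !== 0 || !is_file($path)) {
            throw new NotFoundException();
        }

        // 4. Stream the file inline; keep it out of shared caches and
        //    stop browsers from guessing a different content type.
        return $this->response
            ->withFile($path, ['download' => false])
            ->withHeader('Cache-Control', 'private, no-store')
            ->withHeader('X-Content-Type-Options', 'nosniff');
    }
}
```

Views then link to the action URL (for example `/docs/view/1295/a1c4s5d.jpg`) instead of the filesystem path, so every request passes through the ownership check.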