Hi there, how are you.
I am working on docs / images uploading. For some security reasons I must upload images or docs in a folder that must be in the app root, and the folder name is abc_docs, and in the abc_docs folder there is a folder with the name of the user_id, like 1295, but not in the webroot folder. So I just created the folder abc_docs and uploaded the files or images successfully.
But now it's the turn for showing them … and they are broken. The message is "image cannot be loaded". So I just copied the link, like http://localhost/myproject/app/abc_docs/1234/a1c4s5d.jpg, pasted it in the address bar and pressed enter. Then CakePHP gives me the error that you should make a method in abc_docs and a view … etc.
I hope you understand my question. So tell me where I am going wrong or if there are other suggestions.
If the docs folder is not under webroot, then you will not be able to access them directly with any URL. This is presumably the entire point of the security? You will instead need to write a controller method that checks for the right access, then sends the image from the secure folder. Each of those pieces should be well covered elsewhere.
May we know what specific security reasons?
I think you might be overthinking it because if the client loads the image, the client basically has the image.
So I wonder what specific security reasons you had in mind…
I was assuming it’s something like private documents where the client should definitely be able to see them (and do whatever they want with them), but nobody else should be able to access them. Like designs from an architectural firm or web developer, ticket stubs, account statements. Loads of perfectly valid possibilities, I’d say that most of my projects involve something like this.
First, for highly secure documents I would consider using a service.
However to save me typing, see best answer here.
Just adapt to CakePHP. A unique folder name that only that user knows may be a good solution.
- not /bob
- but /b9123sdf11qa
Something like that.
This is security by obscurity, not something I’d advise (I’ve actually had issues with this in the past).
In the post you have sent, I think the 3rd option from Snapey would be the best bet.
Yes … something like this … so is there any possibility … or I can ask another question for folder security
Well, then I think the symlinks are the best way to go honestly…
As I said, write a controller method that checks for the right access, then sends the image from the secure folder. Each of those pieces should be well covered elsewhere.
Thanks a lot @Zuluru … it's done … thanks for your time
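The controller approach recommended in the answers above, sketched as an added example that is not code from the thread or from any participant. It assumes CakePHP 4.x with the Authentication plugin, that ROOT is the directory holding abc_docs, and that the logged-in user's id equals the folder name; DocsController, view() and the /docs/view/... route are hypothetical names.

```php
<?php
declare(strict_types=1);

namespace App\Controller;

use Cake\Http\Exception\ForbiddenException;
use Cake\Http\Exception\NotFoundException;
use Cake\Http\Response;

// Added example (hypothetical controller), reached as /docs/view/{userId}/{file}
class DocsController extends AppController
{
    public function view(string $userId, string $file): Response
    {
        // Access check: only the owner of the folder may read from it.
        $identity = $this->request->getAttribute('identity');
        if ($identity === null || (string)$identity->getIdentifier() !== $userId) {
            throw new ForbiddenException();
        }

        // Accept only a numeric folder and a simple file name, so "../"
        // or absolute paths never reach a filesystem call.
        $namePattern = '/\A[A-Za-z0-9_-]+\.(jpe?g|png|gif|pdf)\z/';
        if (!ctype_digit($userId) || !preg_match($namePattern, $file)) {
            throw new NotFoundException();
        }

        // abc_docs sits in the app root, outside webroot (assumed to be ROOT).
        $base = realpath(ROOT . DS . 'abc_docs');
        if ($base === false) {
            throw new NotFoundException();
        }

        // realpath() resolves symlinks; confirm the result is still
        // inside abc_docs before handing it to the response.
        $path = realpath($base . DS . $userId . DS . $file);
        if ($path === false || strpos($path, $base . DS) !== 0) {
            throw new NotFoundException();
        }

        // Send inline (not as a download) so an <img> tag can render it.
        return $this->response->withFile($path, ['download' => false]);
    }
}
```

Image tags then point at the controller URL (for example /docs/view/1295/a1c4s5d.jpg) instead of the abc_docs path, so every request passes the ownership check before any bytes are sent.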