我一直在阅读关于数据存储和blobstore的关于存储和检索图像文件的所有内容。一切都指向blobstore,除了一个:隐私和安全。
在数据存储中,我的用户照片是私人的:我完全控制谁获得blob。然而,在blobstore中,任何知道url的人都可以想象到访问我的用户照片?这是真的吗?
这是一段让我放心的引语,但仍然不清楚。那么任何拥有blob密钥的人都可以访问这些照片? (来自)
所有这些都是为了:针对广告投放管理图片更私密且更安全,以及为什么:datastore或blobstore?或者,嘿,google-cloud-storage(我现在一无所知)
解决方案如果使用google.appengine.api .images.get_serving_url then yes,。然而,在调用get_serving_url之前,返回的url不能从blob的键中猜出,也不存在url。 (或者在调用delete_serving_url之后)。
如果您需要对blobstore 并在其中添加访问控制。
I have been reading all over stackoverflow concerning datastore vs blobstore for storing and retrieving image files. Everything is pointing towards blobstore except one: privacy and security.
In the datastore, the photos of my users are private: I have full control on who gets a blob. In the blobstore, however, anyone who knows the url can conceivable access my users photos? Is that true?
Here is a quote that is supposed to give me peace of mind, but it's still not clear. So anyone with the blob key can still access the photos? (from Store Photos in Blobstore or as Blobs in Datastore - Which is better/more efficient /cheaper?)
All of this is to ask: Which is more private and more secure for trafficking images, and why: datastore or blobstore? Or, hey, google-cloud-storage (which I know nothing about presently)
If you use google.appengine.api.images.get_serving_url then yes, the url returned is public. However the url returned is not guessable from a blob's key, nor does the url even exist before calling get_serving_url. (Or after calling delete_serving_url).
If you need access control on top of the data in the blobstore you can write your own handlers and add the access control there.
这篇关于ndb.BlobProperty与BlobStore:更私密,更安全的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!