问题描述
我正在用php编写一个Web应用程序,用户可以在其中上传自己的文件或图像,但是如何保护这些文件免遭所有者以外的其他人访问.想起保管箱,保护这些文件的机制是什么,我曾尝试搜索但对此一无所获.任何指针或指向教程的任何链接都将非常有用.预先感谢.
I am writing a web application in php where users can upload their own files or images, but how can I protect these files from being accessed by others other than the owner. think of dropbox, what is the mechanism to protect those files, I have tried to search but don't get anything about this. any pointers or any link to tutorials would be very useful. thanks in advance.
推荐答案
如果将图像和文件作为二进制Blob存储在数据库中,则只需在获取和显示它们之前检查登录用户的权限即可从数据库中获取.
If you are storing images and files as binary blobs in your database, then it is simply a matter of checking permissions against the logged in user before retrieving and displaying them from the database.
如果您将它们存储为常规文件,则需要做的是将它们存储在网站的文档根目录之上,而在Web上这些文件不能公开访问.然后,在从数据库中检查了正确的所有权(我们不知道您的体系结构,因此替换为您存储了属于谁的文件)之后,检索图像,PHP可以检索该文件并将其发送到具有正确标头的浏览器
If you are storing them as regular files, what you need to do is store them above the document root of your website, where they are not publicly accessible on the web. Then to retrieve an image, after checking the correct ownership from your database (we don't know your architecture, so substitute however you have stored what belongs to whom), PHP can retrieve the file and send it to the browser with the correct headers.
例如,显示图像:
// Check permissions...
// If permissions OK:
$img = file_get_contents("/path/to/image.jpg");
// Send jpeg headers
header("Content-type: image/jpeg");
// Dump out the image data.
echo $img;
exit();
例如,您可以将文件名的数据库表与用户ID匹配,以跟踪谁拥有什么.
You can, for example, keep a database table of filenames matched with user IDs to keep track of who owns what.
这篇关于保护用户的文件被访问,以便只有所有者可以访问?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!