dsfjnxjlbqv9812 2013-04-25 04:13
浏览 25
已采纳

CakePHP在身份验证后访问受限文件

I have an ACL controlled application that uses the Media plugin to upload files to /app/webroot/media. When a file is uploaded, the dirname, basename and file name are written to the database.

I'm looking for a way to restrict access to /app/webroot/media, allowing users to only view the files associated with their user id after they have signed in. Currently, users can access other user's files which is not at all ideal. Is there a best practice for this as far as CakePHP is concerned?

  • 写回答

1条回答 默认 最新

  • dongyi6269 2013-04-25 06:04
    关注

    Any file under webroot will be publicly accessible if the user knows the url. Store your files in a folder outside webroot and then render them through a controller action using CakeResponse::file(). This way you can controller access to the action as required.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 关于用pyqt6的项目开发该怎么把前段后端和业务层分离
  • ¥30 线性代数的问题,我真的忘了线代的知识了
  • ¥15 有谁能够把华为matebook e 高通骁龙850刷成安卓系统,或者安装安卓系统
  • ¥188 需要修改一个工具,懂得汇编的人来。
  • ¥15 livecharts wpf piechart 属性
  • ¥20 数学建模,尽量用matlab回答,论文格式
  • ¥15 昨天挂载了一下u盘,然后拔了
  • ¥30 win from 窗口最大最小化,控件放大缩小,闪烁问题
  • ¥20 易康econgnition精度验证
  • ¥15 msix packaging tool打包问题