weixin_33725722 2019-01-26 06:32 采纳率: 0%
浏览 72

如何解决图片上传问题

I'm using Google cloud storage for hosting my website, i have code to upload the cover image like Facebook once user select the image it will upload to the server and same time it will fetch the image.

i gave full access to only that cover image folder, if i gave like that any problem will come like hacking. Please give me an advice my ways good or not?

if (!is_dir($directoryName)) {
                $oldmask = umask(0);
                mkdir($directoryName, 0777);
                umask($oldmask);
            }
  • 写回答

1条回答 默认 最新

  • 喵-见缝插针 2019-01-26 19:31
    关注

    I don't think it's even possible to use such method in the 1st place, since Cloud Storage doesn't actually have directories, file objects just appear to be residing in directories due to the '/' characters in their names, but they really are in the single flat namespace corresponding to the entire bucket. From Object name considerations:

    Object names reside in a flat namespace within a bucket, which means that different buckets can have objects with the same name. It also means that objects do not reside within subdirectories in a bucket. For example, you can name an object /europe/france/paris.jpg to make it appear that paris.jpg resides in the subdirectory /europe/france, but to Cloud Storage, the object simply exists in the bucket and has the name /europe/france/paris.jpg.

    The proper ways to implement access control in Cloud Storage are described in Access Control Options.

    To me the most appealing one for uploading the cover photo appears to be using Signed URLs, which allows access restricted to just a single file/object and only for a limited time, thus preventing upload of multiple files (which appears to be your concern) as well as overwriting the uploaded image after that limited time expires:

    This page provides an overview of Signed URLs, which is a mechanism for query string authentication for buckets and objects. Signed URLs provide a way to give time-limited read or write access to anyone in possession of the URL, regardless of whether they have a Google account. To learn how to create a Signed URL, read Creating Signed URLs with gsutil and Creating Signed URLs with a Program.

    Since you plan to do it from your code, the 2nd approach from the above quote is what you need - essentially boiling down to sending a particular POST request to a specially crafted URL.

    评论

报告相同问题?

悬赏问题

  • ¥15 数学的三元一次方程求解
  • ¥20 iqoo11 如何下载安装工程模式
  • ¥15 本题的答案是不是有问题
  • ¥15 关于#r语言#的问题:(svydesign)为什么在一个大的数据集中抽取了一个小数据集
  • ¥15 C++使用Gunplot
  • ¥15 这个电路是如何实现路灯控制器的,原理是什么,怎么求解灯亮起后熄灭的时间如图?
  • ¥15 matlab数字图像处理频率域滤波
  • ¥15 在abaqus做了二维正交切削模型,给刀具添加了超声振动条件后输出切削力为什么比普通切削增大这么多
  • ¥15 ELGamal和paillier计算效率谁快?
  • ¥15 蓝桥杯单片机第十三届第一场,整点继电器吸合,5s后断开出现了问题