drwj4061 2014-03-19 17:59
浏览 46
已采纳

如何保护上传文件夹中的图像不被任何人查看除了管理员

Ok, desired (probably impossible?) scenario is next:

1) anyone can upload image(s) to folder

2) only admin, via web admin interface/regular, password protected admin panel can see it

I guess it is impossible, unless i store images to database directly (as BLOB type), and show them inside admin panel (which will decrease performance, i guess).

So, what i could do, a) except to place blank index file in upload folder (already done) but i guess there are ways to guess/get names of files

b) and maybe, add some .htaccess protection (what would be your advice?)

Again, uploading is a part of form (there is no registration required!), i need some way to allow only admin to see/download images, but to protect it from others, because sensitive data are in question.

  • 写回答

3条回答 默认 最新

  • dp13668681869 2014-03-19 18:03
    关注

    Here you go:

    1) Do not store files in your DB. Ever.

    2) Protect the upload directory (where ONLY uploaded files will live) with an .htaccess - "deny all" (basically) -- or store the upload directory somewhere NOT public to the web (see #3, below)

    3) Have an interim file that serves file downloads (is user logged in? If so, set headers and readfile() the actual file - this will force the file to download. The database should store the file name, path, and other relevant details)

    The PHP upload script can save files in any directory, even the one with the .htaccess in it.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥30 帮我写一段可以读取LD2450数据并计算距离的Arduino代码
  • ¥15 C#调用python代码(python带有库)
  • ¥15 矩阵加法的规则是两个矩阵中对应位置的数的绝对值进行加和
  • ¥15 活动选择题。最多可以参加几个项目?
  • ¥15 飞机曲面部件如机翼,壁板等具体的孔位模型
  • ¥15 vs2019中数据导出问题
  • ¥20 云服务Linux系统TCP-MSS值修改?
  • ¥20 关于#单片机#的问题:项目:使用模拟iic与ov2640通讯环境:F407问题:读取的ID号总是0xff,自己调了调发现在读从机数据时,SDA线上并未有信号变化(语言-c语言)
  • ¥20 怎么在stm32门禁成品上增加查询记录功能
  • ¥15 Source insight编写代码后使用CCS5.2版本import之后,代码跳到注释行里面