douduan2272 2011-11-22 16:36
Views: 13
Accepted

PHP - How to design a secure photo gallery file structure

I've decided not to use a BLOB to store the image for my gallery. I've created a directory structure (with no DB transactions at all)... it's pure file system. For example, I've created the following file structure:

http://www.mywebsite.com/Client_IMAGES/female/S/10f6f9b0d880ab3bd2c9c81fb33f8be59e09d9ed/MY_IMAGE.jpg

The folder is divided into male and female. The letter "S" being the first letter of the email address and the hash being unique to each user. So if you can see what I'm doing is making an easy to search file structure. My concern is on security. I've updated my .htaccess file to include option-indexes which means no directories will be directly shown, but is this the best way to be doing this? I see other sites using CGI and a photoID etc. I need some guidance.

1 answer

  • dongxiang7276 2011-11-22 16:41

    If you want to keep the photos secure, I would suggest taking all of them out of your web root and possibly having a rewrite rule so that .jpg, .gif, .png, whatever are redirected to a script that does something like

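    $base = "/path/to/files";
    // Resolve "../" and symlinks so the request cannot point outside $base
    $file = realpath("$base/" . ($_REQUEST['file'] ?? ''));
    // user_can_see() is the application's own access check
    if ($file !== false && strpos($file, "$base/") === 0 && is_file($file) && user_can_see($file)) {
       header("Content-Type: " . mime_content_type($file));
       readfile($file);
    }
    else {
       die("Hmm?");
    }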
    
    This answer was selected as the best answer by the asker.
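One way to fill in the script sketched in the answer, as an added example that is not the answerer's code: it confines the request to the storage directory and implements the access check against the per-user hash directory from the question. The storage path, the `file` parameter, the `user_hash` session key, the function names and the policy that users may read only their own files are all assumptions.

```php
<?php
// Added example; path, parameter name, session key and policy are assumptions.
const IMAGE_ROOT = '/var/data/client_images';   // assumed location outside the web root
const ALLOWED_TYPES = ['image/jpeg', 'image/png', 'image/gif'];

// Return the resolved path only if it is a regular file inside $root
// once "../" segments and symlinks have been resolved; otherwise null.
function resolve_image(string $root, string $requested): ?string
{
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $rootReal = realpath($root);
    $path = realpath($root . '/' . $requested);
    if ($rootReal === false || $path === false) {
        return null;
    }
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

// Layout from the question: <gender>/<letter>/<user hash>/<file name>.
// Assumed policy: a user may read only files under their own hash directory.
function user_can_see(string $root, string $path, string $userHash): bool
{
    $relative = substr($path, strlen(realpath($root)) + 1);
    $parts = explode(DIRECTORY_SEPARATOR, $relative);
    return count($parts) === 4 && $userHash !== '' && hash_equals($parts[2], $userHash);
}

function serve_image(string $root, string $requested, string $userHash): void
{
    $path = resolve_image($root, $requested);
    $type = $path === null ? false : mime_content_type($path);  // from content, not extension
    if ($path === null || !user_can_see($root, $path, $userHash)
        || !in_array($type, ALLOWED_TYPES, true)) {
        http_response_code(404);   // same response for missing, foreign and non-image files
        return;
    }
    header('Content-Type: ' . $type);
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

session_start();
$requested = is_string($_GET['file'] ?? null) ? $_GET['file'] : '';
serve_image(IMAGE_ROOT, $requested, (string)($_SESSION['user_hash'] ?? ''));
```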