duanli0162 2013-10-28 23:15
浏览 29

为什么在尝试直接访问图像时访问控制不起作用?

I have the next in security.yml file:

access_control:

- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
- { path: ^/forum/, role: ROLE_USER }
- { path: /usuarios/, role: ROLE_NO_ACCESS }

but if I try to access a file inside /public/img/usuarios/otherDirectory/ putting into the navigation bar, the image is shown in the browser.

Why isn't it denying the access?

Update

I've tried to add this to the Apache site configuration (in my localhost):

    <Directory /home/me/MyServer/itransformer-2.0/web/public/img/usuarios>
                    AllowOverride none
                    Options -Indexes
                    Order allow,deny
                    Deny from all
    </Directory>

but I can still access the images directly. Maybe I'm doing something wrong...

  • 写回答

1条回答 默认 最新

  • dta25920 2013-10-28 23:36
    关注

    Your file is in the public folder, so it is public, in other words, this is not the right place to store a private file.

    According to this post (or this one on Stack Overflow), you can serve a file from a controller. So try to use this controller behind a protected URL.

    To serve multiple files, you'll have to store the paths of your files in your database. For example:

    +----+------------+
| id |    path    |
+----+------------+
|  1 | image.jpg  |
|  2 | image2.jpg |
+----+------------+

    The management of file is explained in the Symfony2 cookbook.

    评论

报告相同问题?

悬赏问题

  • ¥15 基于卷积神经网络的声纹识别
  • ¥15 Python中的request,如何使用ssr节点,通过代理requests网页。本人在泰国,需要用大陆ip才能玩网页游戏,合法合规。
  • ¥100 为什么这个恒流源电路不能恒流?
  • ¥15 有偿求跨组件数据流路径图
  • ¥15 写一个方法checkPerson,入参实体类Person,出参布尔值
  • ¥15 我想咨询一下路面纹理三维点云数据处理的一些问题,上传的坐标文件里是怎么对无序点进行编号的,以及xy坐标在处理的时候是进行整体模型分片处理的吗
  • ¥15 CSAPPattacklab
  • ¥15 一直显示正在等待HID—ISP
  • ¥15 Python turtle 画图
  • ¥15 stm32开发clion时遇到的编译问题