php - Proper method of storing private images on server? -

-

i have written php script retrieve images not under public_html folder. script authenticates user has permission view image displays it. image permissions set "0755"

secure method prevent other people viewing private images? hashing image file name add security benefit? there other alternative methods improve script?

script of image_retrieval.php

<?php include '../user_verification.php'; $image_request = $_get['image_request']; $pic = file_get_contents("/home/username/images/'.$image_request.'"); header('content-type: image/jpeg'); echo $pic; ?>

script of display_image.php

    <?php include '../world/verification.php'; $image_request = $_get['image_request']; echo"<img src='http://www.domainname.com/request_image.php?userid=$userid&image_request=$image_request'>"; ?> <form id='image_requester' method='get' action='display_image.php'>     <input type="text" id="image_request" name="image_request">     <input type="hidden" value="<?echo"$userid";?>" id="userid" name="userid">     <input type="submit" value="request"> </form>

since images not publicly available enough. thing hashed names more unique , store them under 1 dir, if wanted recommend using timestamps not clash other images ever!

otherwise storing of images hashes prove useful if auth layer somehow compromised. if happens isn't long before can list in there.

from code have posted above seems images in 1 place, store each users images separately if auth layer somehow compromised person, persons images @ risk rather everyone's. if needed hash them said or store them such names don't clash each other, while storing reference image in database.


Comments

Post a Comment

Popular posts from this blog

python - No exponential form of the z-axis in matplotlib-3D-plots -

-
Image
i have similar problem described in how prevent numbers being changed exponential form in python matplotlib figure : i don't want (in special case) weird scientific formatting of axis. problem different have problem @ z -axis. 2-d plots can use ax.get_yaxis().get_major_formatter().set_useoffset(false) . , there no function ax.get_zaxis() what use format z -axis same way? edit: example: from mpl_toolkits.mplot3d import axes3d import numpy np import sys import matplotlib import matplotlib.pyplot pyplot def func(xi, ti): res = 10e3 + np.cos(ti) * np.sin(xi) return res if __name__ == '__main__': timespacing = 20 timestart = 0 timeend = 1 time = np.linspace(timestart, timeend, timespacing) widthspacing = 50 widthstart = 0 widthend = 3 width = np.linspace(widthstart, widthend, widthspacing) reslist = [] matplotlib.rcparams['legend.fontsize'] = 10 fig = pyplot.figure() ax = fig.gca(projection = '3d...
Read more

php - Best Light server (Linux + Web server + Database) for Raspberry Pi -

-
i install web server database on raspberry pi (little computer). computer has 1gb ram. i want know best combination: linux distribution , web server , dbms run local server multiple users minimal latency, use php on server. , best settings performance , not have bugs (memory usage, disable plugin, disable service, etc)? i thought light debian , lighttpd server , sqlite database. solution? i think lighttpd + sqlite great choice. linux distro, debian @ centos or tiny core linux , although i'm not sure of compatibility pi. obviously, can't go wrong raspbian if want use in production , more stable performance, few more pi's , set them in cluster .
Read more

c# - "Newtonsoft.Json.JsonSerializationException unable to find constructor to use for types" error when deserializing class -

-
i developing app in xamarin android. have splash screen serialize class , pass mainactivity using intent . when try deserialize in mainactivity error message : "serializationexception unable find constructor use types" serialization : void loaddata() { currency currency = new currency(this); intent = new intent(this, typeof(mainactivity)); intent.putextra("currency", newtonsoft.json.jsonconvert.serializeobject(currency)); startactivity(intent); } deserialization : cur = newtonsoft.json.jsonconvert.deserializeobject<currency> (intent.getstringextra("currency")); // error here class constructor : public currency(context context) { thiscontext = context; } i began experiencing problem after added parameter context context constructor. has caused this? how can solve it? possible serialize/deserialize class has parameters? you need have empty constructor in currency class in order deserialize it. ...
Read more