How to secure Image-Folder in Webroot from direct access?


by DigitalDude


Hey,

I was wondering the other day how I could secure my directories for
uploaded files in my app.
I tested to access a picture directly from my browser, and it worked.
That's a really bad security hole and I need to solve this problem!

My files are uploaded in this way:
The file will be uploaded, renamed with a unique hash-name, in a
folder for every user. In a database table I keep the info about the
files, which are the user_id, the extension, the real filename, the
hashed filename with which the file was stored on my server and some
standard info like created, modified and so on...

I want to have the following behaviour:
When a file is uploaded, it should be in a directory which is secured
against access from outside. To download a file, I want to use an
action like download through which a logged in user can request a file
by its hash. The action should then check in the database if the
requested file belongs to that user and if this is true, the user
should be able to download the file.

I read about Media Views, but I need a little and simple example how
to achieve such a behaviour and I would be very thankful if someone
could explain it to me.

Thanks in advance,

DD

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@...
To unsubscribe from this group, send email to cake-php+unsubscribe@...
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---


Re: How to secure Image-Folder in Webroot from direct access?

by DigitalDude


Hey,

OK, I managed to build in a download-action in my controller which
authenticates the requesting user and if true the file is delivered
back.

I tested with a folder uploads in app (so it's actually app/uploads/
now...) and it worked fine. But how can I upload files to that folder?
When using the $_SERVER['DOCUMENT_ROOT'] I'm still in the webroot...

I could use a ftp-upload function, but this isn't really safe, is
it..?
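
An added example, not part of the thread and not CakePHP's own code: plain PHP helpers for the flow described in both messages, storing uploads in a directory outside the webroot and releasing a file only to its owner. The function names, the `uploads/<user_id>/<hash>` layout and the 40-hex-character hash format are assumptions.

```php
<?php
// Added example. UPLOAD_BASE stands in for app/uploads/ from the thread:
// a directory outside the webroot, so no URL maps to the stored files.
define('UPLOAD_BASE', dirname(__FILE__) . '/uploads');

// Hypothetical helper: per-user directory, created on first use.
function user_dir($userId) {
    $dir = UPLOAD_BASE . '/' . (int) $userId;
    if (!is_dir($dir) && !mkdir($dir, 0750, true)) {
        throw new RuntimeException('cannot create upload directory');
    }
    return $dir;
}

// Store one $_FILES entry under a random name; returns the row to save
// in the files table (user_id, hash, real filename, extension).
function store_upload(array $file, $userId) {
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    $hash = bin2hex(random_bytes(20)); // 40 hex chars, assumed name format
    if (!move_uploaded_file($file['tmp_name'], user_dir($userId) . '/' . $hash)) {
        throw new RuntimeException('cannot move upload');
    }
    return array(
        'user_id'   => (int) $userId,
        'hash'      => $hash,
        'filename'  => basename($file['name']),
        'extension' => strtolower(pathinfo($file['name'], PATHINFO_EXTENSION)),
    );
}

// Decide a download request. $row is the database record found by hash
// (or null). Returns the path on disk, or null when it must be refused.
function resolve_download($row, $currentUserId, $hash) {
    if (!is_string($hash) || !preg_match('/^[0-9a-f]{40}$/', $hash)) {
        return null; // malformed input, including any "../" sequence
    }
    if (!$row || $row['hash'] !== $hash) return null;
    if ((int) $row['user_id'] !== (int) $currentUserId) return null; // not the owner
    $base = realpath(UPLOAD_BASE);
    $path = realpath(UPLOAD_BASE . '/' . (int) $row['user_id'] . '/' . $hash);
    if ($base === false || $path === false) return null; // file missing on disk
    // The resolved path must still be inside the upload directory.
    return strpos($path, $base . DIRECTORY_SEPARATOR) === 0 ? $path : null;
}
```

A download action would look up the row by hash, call `resolve_download()` with the logged-in user's id, and stream the returned path, answering 404 when it gets null.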

