How to Save Images for Each User in Web Services

Asked 2 years ago, Updated 2 years ago, 326 views

I think there is a Web service that stores data for each user.For example, I will create an account on Google Drive, Amazon Photo, etc., and save image data and files for each account.So I have a question: How is it best to save images of each user for such a service?

I think it's common for web pages to get images from servers according to links, but I'm worried that anyone can get personal images by analyzing server hierarchies and per link. Is it supposed that image data in img tags is not accessed if links are complicated? https://lh3.googleusercontent.com/fife/***
You can see personal images by using links like this, but if you assume that the *** part is complicated and you don't find it, you'll understand.

Also, if you think about safely removing the image from the server, you might want to save the image binary in DB, but it is generally not considered acceptable, so please let me know if you have the best solution.

html http https server-management

2022-09-30 21:59

1 Answers

A server-side script (programming language) is required as a prerequisite.

I think it's common to get images from a server according to a link on a web page.

You can do something different than what you think is common.

When you first operate a file that requires authentication, place the file in a private area.
Ensure that the server script authenticates and the server script outputs the file again.
Never put a file in the public area, but print it out through a server script.You may want to find out how it is printed because it depends on the language.

It's the same thing to do just because the storage location is different from that of the DB.
If it is Paas, it may be stored in object storage.

Assume that the image data in the img tag will not be accessed if the link is complicated

Of course, as a service, if it meets security requirements, it may operate like that.However, considering the leakage of URLs and the attack on a round-robin basis, it may be considered dangerous to store them in a public area.Unfortunately, in that case, saving files using random strings is not supported.In that case, we will take the above action.
Check it against product and project requirements.


2022-09-30 21:59

If you have any answers or tips


© 2024 OneMinuteCode. All rights reserved.