How to Save Images for Each User in Web Services

Asked 1 years ago, Updated 1 years ago, 289 views

I think there is a Web service that stores data for each user.For example, I will create an account on Google Drive, Amazon Photo, etc., and save image data and files for each account.So I have a question: How is it best to save images of each user for such a service?

I think it's common for web pages to get images from servers according to links, but I'm worried that anyone can get personal images by analyzing server hierarchies and per link. Is it supposed that image data in img tags is not accessed if links are complicated? https://lh3.googleusercontent.com/fife/***
You can see personal images by using links like this, but if you assume that the *** part is complicated and you don't find it, you'll understand.

Also, if you think about safely removing the image from the server, you might want to save the image binary in DB, but it is generally not considered acceptable, so please let me know if you have the best solution.

html http https server-management

2022-09-30 21:59

1 Answers

A server-side script (programming language) is required as a prerequisite.

I think it's common to get images from a server according to a link on a web page.

You can do something different than what you think is common.

When you first operate a file that requires authentication, place the file in a private area.
Ensure that the server script authenticates and the server script outputs the file again.
Never put a file in the public area, but print it out through a server script.You may want to find out how it is printed because it depends on the language.

It's the same thing to do just because the storage location is different from that of the DB.
If it is Paas, it may be stored in object storage.

Assume that the image data in the img tag will not be accessed if the link is complicated

Of course, as a service, if it meets security requirements, it may operate like that.However, considering the leakage of URLs and the attack on a round-robin basis, it may be considered dangerous to store them in a public area.Unfortunately, in that case, saving files using random strings is not supported.In that case, we will take the above action.
Check it against product and project requirements.

2022-09-30 21:59

If you have any answers or tips

Popular Tags
python x 4647
android x 1593
java x 1494
javascript x 1427
c x 927
c++ x 878
ruby-on-rails x 696
php x 692
python3 x 685
html x 656
Popular Questions

926 In Java servlet, when SHA-256 sends WW-Authenticate header for digest authentication, the client does not return the result.

503 Understanding How to Configure Google API Key

515 PHP ssh2_scp_send fails to send files as intended

490 /usr/bin/google-chrome:symbol lookup error:/usr/bin/google-chrome: undefined symbol:gbm_bo_get_modifier

514 rails db:create error: Could not find mysql2-0.5.4 in any of the sources

© 2024 OneMinuteCode. All rights reserved.