mDelshad's avatar

Secure uploaded files

My users must upload their own identity documents, such as their ID card or passport. When these files are uploaded, anyone can easily access them in the public folder. Where do you think these sensitive files should be uploaded? How can I make sure not everyone can access them, and how do I secure them?

0 likes
4 replies
jlrdw's avatar

I store them out of the web root altogether, somewhere else on the file system, and use a script to view them that's authenticated through a route.

But if storage, something like:

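use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Request;

class ImageController {

    public function displayImage() {

        // Only logged-in users may view anything.
        if (!Auth::check()) {
            abort(403);
        }

        $basedir = storage_path('app/upload');
        $imagedir = (string) Request::input('dir');
        $image = (string) Request::input('img');

        // The owner's user id is embedded in the image name (see findId()).
        $str = (int) Cln::findId($image, "_", ".");

        if ((int) Auth::id() !== $str) {
            abort(403);
        }

        // Resolve the real path and refuse anything outside $basedir ("../" in dir or img).
        $root = realpath($basedir);
        $file = realpath($basedir . '/' . $imagedir . '/' . $image);
        if ($root === false || $file === false || strpos($file, $root . DIRECTORY_SEPARATOR) !== 0) {
            abort(404);
        }

        return response()->file($file, array('Content-Type' => 'image/jpeg'));
    }

}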

route

Route::get('image', 'ImageController@displayImage');

I put the user id as part of the image name. A string function gets it out of the image name.

1 like
mDelshad's avatar

Where? Can you explain more, of course, with code? And do you think storage/app is not enough to create security?

jlrdw's avatar

It is when authentication is applied.

Usage:

<img src="<?php echo 'image?dir=clienta&img=' . urlencode($row->their_img); ?>" alt="" class="image">

Where clienta and their_img are your folder and image name.

String function mentioned above:

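    public static function findId($string, $start = "", $end = "") {
        // Take the text between the last $start and the last $end,
        // e.g. with "_" and "." a name ending in "_12.jpg" gives "12".
        $p1 = strrpos($string, $start);
        $p2 = strrpos($string, $end);
        // Both delimiters must be present, $start not at position 0, $end after $start.
        if ($p1 !== false && $p1 != 0 && $p2 !== false && $p2 > $p1) {
            $leng = $p2 - ($p1 + 1);
            $rvalue = substr($string, $p1 + 1, $leng);
            return $rvalue;
        }
        return 'Not correct format';
    }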

Of course, these are only suggestions. But storage can also be viewed if someone puts the right URL in. But authentication protects against that; going through a route makes it secure.
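The upload side of the approach discussed in this thread, as an added example that is not part of any poster's reply: the file is stored on Laravel's private `local` disk and served by database id, with ownership read from the row instead of the file name. The `IdentityDocument` model (columns `user_id`, `path`, `mime`, all fillable), the `document` form field, the 5 MB limit and the route URLs are assumptions.

```php
<?php
// Added example, not code from the thread. IdentityDocument is a hypothetical
// Eloquent model with fillable columns: user_id, path, mime.
namespace App\Http\Controllers;

use App\Models\IdentityDocument; // hypothetical model
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Storage;

class IdentityDocumentController extends Controller
{
    // POST /documents: save on the private "local" disk under storage/, not public/.
    public function store(Request $request)
    {
        $request->validate([
            'document' => 'required|file|mimes:jpg,jpeg,png,pdf|max:5120',
        ]);
        $file = $request->file('document');
        // store() generates a random file name; the client's name is never used.
        $path = $file->store('identity/' . $request->user()->id, 'local');

        $doc = IdentityDocument::create([
            'user_id' => $request->user()->id,
            'path'    => $path,
            'mime'    => $file->getMimeType(), // detected from content, not client-supplied
        ]);
        return response()->json(['id' => $doc->id], 201);
    }

    // GET /documents/{id}: look the file up by database id, never by a path
    // taken from the request, so "../" in the URL has nothing to act on.
    public function show(Request $request, $id)
    {
        $doc = IdentityDocument::findOrFail($id);
        // Ownership comes from the database row, not from the file name.
        if ((int) $doc->user_id !== (int) $request->user()->id) {
            abort(403);
        }
        return response()->file(
            Storage::disk('local')->path($doc->path),
            ['Content-Type' => $doc->mime]
        );
    }
}
// routes/web.php, both behind the auth middleware:
// Route::post('documents', [IdentityDocumentController::class, 'store'])->middleware('auth');
// Route::get('documents/{id}', [IdentityDocumentController::class, 'show'])->middleware('auth');
```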
