Level 75
See https://laravel.io/forum/04-23-2015-securing-filesimages
Which I modify as needed per application.
1 like
Nov 11, 2022
4
Level 8
Where should I store user uploaded images?
I'm working on a system that allows users to upload images and view them.
Each user can set the privacy of the photos he uploads thus deciding who can view them.
But where should I store these photos, which are users private photos and not some global website assets?
I'm using my hard drives, not S3, and it's on the same machine.
(Unless I should have a dedicated vm for the machines if that helps)
Level 8
@jlrdw Perfect, thank you!
And also in my case, every user should have his own subfolder in storage/images or something similar right?
Level 75
@Ligonsker It's preference. I have worked out code where the user id is part of image name. And using some string functions I compare it with Auth::id as an auth check. But many ways to tweek it to work as needed.
I normally will serve secure images through a script rather than an img tag, just my preference.
I also do not store private images in storage, rather in a folder outside of web altogether. You have to ensure your server allows full folder access.
1 like
Level 8
@jlrdw
you mean that if the app is inside /var/www/myapp, I can place it somewhere like /var/images and give nginx permissions to that folder as well? (that what you mean by "ensure your server allows full folder access"?)
Also what do you mean by script? That you use JS to display images? (or maybe Vue/React?)
Please or to participate in this conversation.