问题
In my web application, a user can upload their profile picture. They can sell their mobile online, so they can also upload images of their mobile, but if I store profile picture and mobile photos in mylaravel-app/public/(css js images user-photos) then every other user can see those photos as well.
How should I store the photo in another directory so that only the user can see only their photos, and also user must not be able to see whole directory of photos from url like:
`site.com/photos (whole directory is exposed )`
回答1:
One way to do this would be to give each user their own folder for photos, so if a user id was 1, their directory would be mylaravel-app/public/photos/userid, then put the user id that matches up with the photos in a separate table in the database. You can also chmod the folder so only the application can access the photo directory. Here is an article for that: File Permissions
回答2:
You could store it in the database along with metadata like who owns it and other permissions and make a page that pulls the photo from the database, checking to make sure that the user accessing it is able to. You can use .htaccess to make the page look like a directory accepting the image name as a parameter.
来源:https://stackoverflow.com/questions/20823658/laravel-3-how-to-securely-store-users-data-in-ubuntu-server