Take a look at one solution I am using. All the heavy lifting is left to Apache, it's more than 10x faster compared with my previous solution using a controller to pass the file contents, and memory usage also drops to almost nothing.
http://dtemes.blogspot.com/2011/05/secure-downloads-with-apache-and.html On 27 jul, 01:04, DigitalDude <[email protected]> wrote: > Hey, > > today I was wondering on how to solve a specific task: I have a Cake > app where users can upload images. As most of us know the image folder > in the webroot is public and anyone could view these images, as long > as they know the filename (listing of index is prohibited). > > Another way is to put uploaded files on an image server via ftp and > save the filename to the database. > > The problem I have now is, let's say users terminate their account on > my app and still know a few filenames, they could just type in the > address with the filename and would still see the image! > > I guess the problem is the same when I have an image server... > > So when a file is called abc.jpg, and it was available > athttp://myapp/img/abc.jpg, > also not logged in users could still view this image. > > I'm looking for an idea or a way to protect this image so only logged > in users can view it. It may be ok when other logged in users could > view it when they know the address. But it would be very intersting if > anyone would have a clue if it would be possible to protect them from > a direct access via typing it into a browser as a url... > > Any ideas or hints for this? > > Regards, > > DD -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php
