I would say you should start by protecting the image folder with first-level protection, which is Apache htaccess rules. There are a lot of pages providing rules to be written in the htaccess file. The second thing may be to think about some key-generated name for images, so instead of *pic_1000.jpg* (user id 1000) you write some random name like *pic_mmxeffqyYZ1rn0oofo1_500.jpg* (for example, like tumblr.com does), so no one can guess what it is associated with.
Here is a nice article/list about image protection: http://www.naturefocused.com/articles/image-protection.html

For testing you can create a subdomain on your website like *img.yourdomain.com* and play directly with / test the rules that you want to implement there, and set the root folder for *img.yourdomain.com* to */app/webroot/img/uploads/*.

On Friday, May 24, 2013 6:52:38 AM UTC+2, advantage+ wrote:
> The point is for example (not comparing to Facebook / or any site that has images / files) but you cannot go to facebook.com/profiles/uploads/images and view all images it's protected, server gets image location and sends it out to the "view" when needed.
>
> I do not want the folder "files" are uploaded to be accessed.
>
> If I put the "upload" folder outside webroot CakeRequest::file just spits out the image / file to the browser….. I do not want that.
>
> I need to pull from the folder and display it as if it was coming from img folder as normal.
>
> You do not want anyone to go to site.com/img/uploads/ and have full access to browse thru all your files / images / uploads
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* André Luis
> *Sent:* Thursday, May 23, 2013 9:27 AM
> *To:* [email protected]
> *Subject:* Re: Directory Protection
>
> Just a suggestion, but why don't you create a images folder on the root of the server, then create a controller which read the image and outputs to browser? It would be protected...
>
> It would be like you create /app/images and upload the files to this folder, then only cake would have access, but for a better security, the root folder is advised.
>
> On Wednesday, May 22, 2013 23:08:56 UTC-3, advantage+ wrote:
>
> I have an "img/uploads" folder which has users profile images and such.
>
> How do you go about protecting the folder so there is no access except when Cake gets the images?
>
> So anyone can't just browse thru the directory?
>
> Google search turned up MediaView so put the uploads outside of webroot, but
> "As of 2.3 MediaView is deprecated and you can use *CakeResponse::file()* to send a file as response:"
>
> Should it be set to use CakeResponse::file($path, $options = array())
>
> Allows you to set a file for display or download
>
> If so is there a simple example out there showing exactly how this would get the files and serve it up?
>
> $image = CakeResponse::file('where/file/is/here.jpg', $options = array())
>
> $this->Controller->set('image', $image);
>
> Thanks,
>
> Dave
>
> --
> Like Us on FaceBook https://www.facebook.com/CakePHP
> Find us on Twitter http://twitter.com/CakePHP
>
> ---
> You received this message because you are subscribed to the Google Groups "CakePHP" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at http://groups.google.com/group/cake-php?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
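
The controller approach André Luis suggests and the `CakeResponse::file()` call Dave asks about, combined with the random file names from the first reply, as an added example that is not part of any poster's message. It assumes CakePHP 2.3+, a hypothetical `UploadsController`, uploads kept in a hypothetical `app/uploads/` directory outside the webroot, and that `Router::parseExtensions()` is not enabled for image extensions.

```php
<?php
// app/Controller/UploadsController.php (hypothetical controller, added example)
App::uses('AppController', 'Controller');

class UploadsController extends AppController {

    // Served as /uploads/view/<name>, e.g. /uploads/view/pic_mmxeffqyYZ1rn0oofo1_500.jpg
    public function view($name = null) {
        // Accept only the random-name format. This rejects "../", slashes,
        // NUL bytes and anything that is not a known image extension.
        $pattern = '/\A[A-Za-z0-9_]{16,64}\.(?:jpe?g|png|gif)\z/';
        if (!is_string($name) || !preg_match($pattern, $name)) {
            throw new NotFoundException();
        }

        // Assumption: files live in app/uploads/, which is not under
        // app/webroot/ and therefore has no URL of its own to browse.
        $base = realpath(APP . 'uploads');
        if ($base === false) {
            throw new NotFoundException();
        }

        // realpath() resolves symlinks; the resolved path must still sit
        // inside the upload directory and be a regular file.
        $path = realpath($base . DS . $name);
        if ($path === false || strpos($path, $base . DS) !== 0 || !is_file($path)) {
            throw new NotFoundException();
        }

        // CakeResponse::file() sets the content type from the extension and
        // streams the file; returning the response skips view rendering.
        $this->response->file($path);
        return $this->response;
    }
}
```

Unknown names, malformed names and path traversal attempts all produce the same 404, so the response does not reveal which files exist.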
