Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
I'm creating a browser based image cloud service and every user will have his own picture folder.
My question is how to make sure, other users or hackers can not access foreign folders.
What is to consider?
Is it e.g. enough to check session-variables?
Thanks in advance!
I'm not 100% sure what you mean by just checking the session-variables.
I would create a setup like this:
\root
\userImages
\user1
\img1.png
\img2.png
\user2
\img1.png
\img2.png
\public
\index.php
I'm assuming you would use PHP or ASP.NET or something similar that uses some type of server like nginx or apahce. You can set the server root to the public folder. This means only your code would have access to the user images.
You can use PHP or whatever language to look at the session information and see if the user is authenticated. If you can, I would recommend encrypting the cookie data with Mycrypt. Once you have checked the authentication, you can get the file with a script and send back header information. Here's a really in depth article that I think would help you if you actually want a how-to. Protecting Images with PHP
If you are using PHP, Laravel handles sessions and protecing images really nicely.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 1 year ago.
Improve this question
I was wondering that how do storage solutions like S3 or Google Drive check whether their storage platform is being abused for the storage of malicious content?
e.g. if someone uploads a password protected zip file to their servers, I don't see a way on how they can verify it.
For unencrypted files, I can understand some sort of file parser could work. But if someone uploads a password protected file, the only way to see/verify the contents is try to brute force your way into it (ignoring the moral obligations for the organisation to not do that).
So, how do these companies/solutions verify the kind of data that is being uploaded on their platforms?
There isn't technical solution, but on legal solution. They say: "We are only a service provider, not a content provider. We aren't responsible of the illegal use of our services".
This stand has been the same with Youtube, where you was able to upload content with copyright without issue with Google (but with the owner of the copyright). Now, it has changed and Youtube performed check, but it was the same legal principle.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 2 years ago.
Improve this question
I am a beginner and I create a web app with react, I want to my web app be able to read and write a json or csv from my hard disk, I've done this easy with c++ and python I should learn about node.js, django or something like that? I've search and I don't know what to do
What should I do?
Edit: In this question I mean my disk no matter what, I readed the answers and already know what this is not a good idea
Part of the beauty of the web is that web browsers generally do not have access to the computer's filesystem. This is an intentional security choice. It would be horrible if advertisers could see the contents of your hard drive.
There are technologies that let individual websites store information on your computer that act a little bit like a filesystem, ranging from old school cookies to more advanced databases like LocalStorage or IndexedDB.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
Coming from a more traditional web frameworks like Django and a little bit Rails, I am a bit confused about what is the best to register new user in your couchdb backed web app. The registration process should include sending an e-mail with an activation link.
Can this be handled in couchdb completely? Or do I just write a little bit of code in my web app layer as I did before?
Any link or short explanation is highly appreciated.
CouchDB has a basic authentication system that allows you to create users, manager their roles and permissions.
Although, you'll probably need to add a certain logic in your application layer to support some of the basic feature of an authentication system.
For example, you would have to add some code to support password recovery.
Also, it supports Cookie authentication but you can't revoke cookies from a user(If that's an issue for you, don't use CouchDB's auth system)
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
Guys i'm new in Nodejs,
please can it be used on the web like php?
First you decide what type of situation you have.
If you want to make shopping site, social network etc which use large data processing , then you go for node.js (for example linkedin is made in node.js ).
But if your website does not require much data processing in server side you can go for php.
Nodejs is little difficult to use but once you use it perfectly your website will run smooth.
Both are good languages.
Yes you can easily use nodejs as a server side language.
Nodejs is faster than php. You can use nodejs to speedup your loading speed of your website.
Because nodejs heavily use callbacks.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I have a business idea where clients would enter some information in on a Software as a service type interface by filling out some web forms. The information they entered in would then be saved to my database. I am comfortable with this part, however I would like to be able to have clients put a small almost stupidly simple code snippet on their web page and be able to push content to their web page in a content div. I guess I could just send them a .php file to upload to their root and a single include line to write but I would prefer not to do this sort of thing since I don't really want to be mailing out proprietary code snippets with my DB information.
Are there any suggestions for how to implement the content push that are both extremely simple for clients to put on a web page but at the same time very private in the way the code is pushed?
I don't know if I understood your question really well but...
Isn't the answer to your problem a webservice? You could create a webservice that receives some sort of "password" and if the password is right you return the data JSON/XML formatted.
But you are talking about push, that means that when your server have new information you want to notify your client's server about the new information. I would say that what you should do in that case is make a request to the client server notifying them that you have "new stuff" and then after they have been notified they simply go ahead and use your webservice (mentioned above) and update their data.
I hope this answer your question or gives you and idea of how to do it.