Reputation: 19
How to secure user's images on a server?
My web application is really simple. There are two buttons: one called "save" and the other called "show my images". Basically, the user can save images from the Facebook API and store them in the server folder called "backup" (to back up their images on the server so if they deleted their FB or image from FB they will have backup).
When the user clicks "save", the images will be stored in two locations. The image URL will be stored in SQL database, but it will also be saved on server folder called "backup"
When they click "show images", it will retrieve the image's URL from the database and display the image. However when
checkImage()is called, it will check if the image URL is valid. If it's invalid, it will retrieve the same image from the server folder "backup".
I don't want the admin to access the backup folder and be able to see all the user's images.
Before the images get saved in the backup folder on server I want to encode the user images and when they request the image it will decode and be displayed.
Is this possible?
The reason that I want to do this is because I'm worried that the FB image URL will be broken and thus the image will not show on the website.
function checkImage($url) {
if (@getimagesize($url)) {
echo "image exists ";
} else {
echo "image does not exist";
}
}
Upvotes: 0
Views: 1857
Answers (1)
Reputation: 1591
Yes it is possible and it is good thing to do
I have worked already on these kind of system, i have worked on sites similar to google drive or dropbox , and the security/ privacy for user's files comes at first and the point you are making is very much valid and reasonable.
Let me explain you what you can do to make this possible so even if admin / anyone have ftp access to the folder he / she will not be able to see the images at all.
When you save the images to your database , and you save also the link of facebook to check if it's valid or not , save also the following informations from the image to use them later on for decryption of images.
- File size
- Image type
- Image extension
- Image Original name
- Image encrypted name
- Image path
- Image user
- User path
Now let me explain you what these columns would mean to your system.
File size would be obviously the size of the image you are saving to your server in case you need the informations for insights of your server.
Image type should be the type of file which is like : image/jpeg or image/png
Image extension Should be the extension of image , which you will need to use for decrypting the image inside your system.
Image original name should be also used for system to decrypt the image to show the original image name
let say image original name + image extension will be used inside headers function for php.
Image encrypted name , this will be a random string without file extension for example :
let say you have a image named : myimage.jpeg , now what you will do is save the original file name and extension into database , then while using the move_uploaded function of php to move the file into folder of user (folder can be also unique random string for every user), then just rename the file inside upload process to something like 823982j3kkj2hjh3j2h323hj2h3jh23jh just a random string without extension inside a random string named folder which is associated to the user which even user doesn't know and save this random string name along with image 's other details and later on you will need to to identify the image and rename it to original one with extension.
Image path should be the complete path to the image folder , you need this to identify the folder where you stored the image
Image user this is obviosuly a user's id
User path this is a random string named folder where image will be stored
in this way , you will encrypt the image and it will be only visible to the user only from the system's functionality, even admins will not be able to identify the folder or files that are conncted to the users and files will be saved without extension and without original name , so only system will be able to decrypt it.
i hope i have given you an idea on how you can do it.
Upvotes: 1
Related Questions
- How do I get a YouTube video thumbnail from the YouTube API?
- How to display Base64 images in HTML
- How to auto-resize an image while maintaining aspect ratio
- How can I prevent SQL injection in PHP?
- Reference Guide: What does this symbol mean in PHP? (PHP Syntax)
- Secure hash and salt for PHP passwords
- Using Node.js as a simple web server
- How to vertically align an image inside a div
- How to lazy load images in ListView in Android
- Strange OutOfMemory issue while loading an image to a Bitmap object