Profile Image Harvesting with bigint ID's


Question

I have a large volume of images that are currently ID'd by GUID's (this is a requirement for FILESTREAM tables in SQL Server).

However, these are horrible for indexing. I'm looking at using a bigint to ID them but I feel that this would make my database vulnerable to profile harvesting.

What's the best practice here? Can I alleviate profile harvesting concerns somehow?

*by "profile-harvesting" I mean somebody's ability to download/store all images by being able to predict the next ID

Recommended answer

It depends a lot on how you allow access to your content to your users. If you are giving permission-based access to your users then you may limit them through a database entity specifying what resources are available to which users.

For general resource leeching, a good article is available on the topic here how-to-prevent-the-resource-leech-from-a-website. Code in this article could be modified to protect images i.e. resources ending with .jpg, .png etc.

As another option you could use Temporary Download URLs. An article for implementing the same could be found here: Generating Temporary Download URLs.

If you are providing your resources through an HttpHandler you may use an encrypted temporary URL parameter which expires after a specific time period.

Implementation of these methods is primarily based on how you provide access to your resources.
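
A sketch of the expiring-URL idea from the answer above, as an added example that is not part of the original answer or of either linked article. It signs the parameters with an HMAC instead of encrypting them, so a sequential bigint ID stays visible but cannot be advanced to the next image without the server-side key. The class and parameter names, the `/image` path, and the binding to a user ID taken from the authenticated session are all assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: HMAC-signed, expiring image links. All names are hypothetical.
public static class TempImageUrl
{
    // Builds a link that is valid only for this image, this user and this time window.
    public static string Create(byte[] key, long imageId, int userId, DateTimeOffset expires)
    {
        long exp = expires.ToUnixTimeSeconds();
        return $"/image?id={imageId}&exp={exp}&sig={Sign(key, $"{imageId}.{userId}.{exp}")}";
    }

    // userId must come from the authenticated session, never from the query string.
    public static bool Validate(byte[] key, long imageId, int userId, long exp, string sig, DateTimeOffset now)
    {
        if (now.ToUnixTimeSeconds() > exp) return false;           // link has expired
        byte[] expected = Encoding.ASCII.GetBytes(Sign(key, $"{imageId}.{userId}.{exp}"));
        byte[] supplied = Encoding.ASCII.GetBytes(sig ?? "");
        return CryptographicOperations.FixedTimeEquals(expected, supplied); // constant-time compare
    }

    private static string Sign(byte[] key, string payload)
    {
        using var hmac = new HMACSHA256(key);
        return Convert.ToHexString(hmac.ComputeHash(Encoding.UTF8.GetBytes(payload)));
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed demo key; a real deployment loads one stable secret shared by all web servers.
        byte[] key = RandomNumberGenerator.GetBytes(32);
        DateTimeOffset now = DateTimeOffset.UtcNow;
        DateTimeOffset expires = now.AddMinutes(5);
        long exp = expires.ToUnixTimeSeconds();
        string url = TempImageUrl.Create(key, 1001, 42, expires);
        string sig = url.Substring(url.IndexOf("sig=") + 4);
        Console.WriteLine(url);
        Console.WriteLine(TempImageUrl.Validate(key, 1001, 42, exp, sig, now));               // link as issued
        Console.WriteLine(TempImageUrl.Validate(key, 1002, 42, exp, sig, now));               // ID changed to the next value
        Console.WriteLine(TempImageUrl.Validate(key, 1001, 42, exp, sig, now.AddMinutes(6))); // replayed after expiry
    }
}
```

Because the signature covers the image ID, the user ID and the expiry together, the handler rejects a request in which any one of them has been changed.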
