如何安全地在服务器上存储文件 [英] How to securely store files on a server
问题描述
我在做什么:
我基本上需要创建一个由PHP编写的登录页面,你有一个读取整数的搜索栏,数据被发送到一个PHP脚本,该脚本检索一个以数字作为其名称的图片。
I basically need to create a website secured by a login page written in PHP that once logged in, you have a search bar that reads integers and the data is sent to a PHP script that retrieves an image with the number as its name.
在此服务器上要搜索的几千个图片 - 库存图片)
(I'll be storing a few thousand images on this server to be searched - inventory images)
-
需要帮助:
根据我的研究,我知道你不要使用数据库如MySQL来存储实际图像,因为速度和低效率。如果您不将其存储在数据库中,并将其留在服务器的文件系统上(如建议的那样),如果有人在地址栏中键入直接URL,则不会将它们带到我的服务器上的文件中?
From my research, I understand that you "don't" use databases such as MySQL to store actual images because of speed and inefficiency. If you don't store it in a database, and you leave it on the server's file system as suggested, if someone types a direct URL into an address bar, wouldn't it bring them to the files on my server?
如何防范此情况。
感谢您的帮助,任何洞察力或建议将不胜感激。我没有在我的服务器上的文件没有成功通过登录页面。这对我很重要,因为将来会添加更复杂的信息。
Thanks for any help, any insight or suggestions would be appreciated. This is important for me because more complex information will be added in the future.
推荐答案
(或任何其他脚本)通过使用所谓的X-Sendfile响应头。
A recommended way of handling file downloads via PHP (or any other script) is by using the so called 'X-Sendfile' response header.
PHP脚本处理认证,一旦验证,它将设置几个响应标头以及告知网络服务器传送文件的X-Sendfile;
The PHP script handles the authentication and once validated it will set a few response headers together with an 'X-Sendfile' that tells the web server to deliver a file; the script ends and the web server takes over.
这里有一个简单的例子:
See here for a simple example:
http://www.jasny.net/articles/how-i-php-x -sendfile /
这篇关于如何安全地在服务器上存储文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
