I have a form where users can upload their resumes, then our HR gets an email with the attached resume and also there is a dashboard where HR can view the application and download the resume. Currently, I'm saving the resumes in the storage/app/...folder. I was reading about security and I'm worried some people would upload some bad files and that Laravel's mimes validation is not enough. So I decided to upload files to Amazon AWS s3. I was able to upload and download the file except attaching the file in an email. My questions are:
1) Is there a way to attach files from S3 in Laravel mail? (I can't just provide a link in the email to access the files since the uploaded files to S3 are not accessible by public URL, they have to be downloaded)
2) Are there any other validation and safety checks other than checking file extension (ex: mimes:pdf,jpg....)?
3) If you were in my place, how would you tackle this problem?
Thank you
Related
I'm designing a website for my university's engineering related program. I've just added file uploads for registered users to host projects files they are working on. These uploads are done using a html form. The form and file data is passed to the server using Ajax which then uploads the file to Amazon web services s3. The file is not stored locally. Links are then provided on the user's page. The user base is small for know but I'm worried with more users there will be a risk of virus uploads. Could infected files uploaded with this method be executed on the server? Also is there an alternate way of accomplishing this or preventing virus uploads?
I'm trying to upload files not from Form but from directory, say the given directory is "D:\Pictures".
$directory = "D:\Pictures";
How to retrieve the files stored in that folder and then upload to my web application?
I'm using old laravel here, version : 3.2.13.
The answer is you CAN'T. Upload the file not from Form but from directory is an dangerous action. Simply imaging that hackers could create a simple website for submit something and easy to stolen your file easily.
So, reconsider about your goal. Why you have to upload a file from client computer without select from form?
Relatively new to web development here, but am trying to implement an image upload feature, the contents of which will be previewed to the person (administrator) uploading the image, and then stored in a database (and displayed to the end user on a different page).
I found a resource that uses a Imageshack API, and was a bit confused about what this is and how the person implemented the API to achieve the image upload. The code for this is here: http://www.sceditor.com/posts/how-to-upload-and-insert-an-image/
When I googled "Imageshack API," I kept running across something that said I need to request a key. What does this mean, and do I have to do it? Is this the easiest way to go about creating an image upload feature for my purposes?
Thank you all very much!
Imageshack API is for uploading image files to your account hosted at Imageshack.com. It seems that you want to upload image files to your own website and store such files on your own web servers (either in a cloud service such as AWS or your co-located/managed servers at some data centres). So, you probably do not want to use Imageshack.
As to how to upload image files using HTML & PHP, you may want to check out a short tutorial at:
www.w3schools.com/php/php_file_upload.asp
Also, by the way, storing image files into a database such as MySQL may not be a good idea -- image files should be stored as files. It is faster to access such image files on a web server than to access image contents stored in a database.
Using symfony2, I would like to upload some files only from their path on my PC.
I read an excel file containing some path to pictures (like /home/thibault/pictures/*.jpg) and I want to upload them on my server. So, I do not want a form.
All the documentation I have read deal with upload from a form, is this possible to do that without ?
Thanks in advance,
No it is not possible. For what you are looking for you need to deploy some locally running agent. Any browser will not permit you to pull files form folders on the user's computer. The user has to be the one to say what files they want to upload if it is to be done inside a browser.
I am currently writing an application using the Yii-framework in PHP that stores a large number of files uploaded by the users of the application. I decided that since the number of files are going to be ever increasing, it would be beneficial to use Amazon S3 to store these files and when requested, the server could retrieve the files and send it to the user. (The server is an EC2 instance in the same zone)
Since the files are all confidential, the server has to verify the identity of the user and their credentials before allowing the user to receive the file. Is there a way to send the file to the user in this case directly from S3 or do I have to pull the data to the server first and then serve it to the user.
If So, Is there any way to cache the recently uploaded files on the local server so that it does not have to go to s3 to look for the file. In most cases, the most recently uploaded files will be requested repeatedly by multiple clients.
Any help would be greatly appreciated!
Authenticated clients can download files directly from S3 by signing the appropriate URLs on the server prior to displaying the page/urls to the client.
For more information, see: http://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html
Note that for confidential files you may also want to consider server-side/client side encryption. Finally, for static files ( such as images ) you may want to set the appropriate cache headers as well.
Use AWS Cloud Front to server these static files. Rather than sending the files to the user, send them links to the files. The Links need to be cloud front links & not direct links to the S3 bucket.
This has the benefit of keeping load low on your server as well as caching files close to your users for better performance.
More details here Serving Private Content through CloudFront