I'm designing a website for my university's engineering related program. I've just added file uploads for registered users to host projects files they are working on. These uploads are done using a html form. The form and file data is passed to the server using Ajax which then uploads the file to Amazon web services s3. The file is not stored locally. Links are then provided on the user's page. The user base is small for know but I'm worried with more users there will be a risk of virus uploads. Could infected files uploaded with this method be executed on the server? Also is there an alternate way of accomplishing this or preventing virus uploads?
Related
I have a form where users can upload their resumes, then our HR gets an email with the attached resume and also there is a dashboard where HR can view the application and download the resume. Currently, I'm saving the resumes in the storage/app/...folder. I was reading about security and I'm worried some people would upload some bad files and that Laravel's mimes validation is not enough. So I decided to upload files to Amazon AWS s3. I was able to upload and download the file except attaching the file in an email. My questions are:
1) Is there a way to attach files from S3 in Laravel mail? (I can't just provide a link in the email to access the files since the uploaded files to S3 are not accessible by public URL, they have to be downloaded)
2) Are there any other validation and safety checks other than checking file extension (ex: mimes:pdf,jpg....)?
3) If you were in my place, how would you tackle this problem?
Thank you
Relatively new to web development here, but am trying to implement an image upload feature, the contents of which will be previewed to the person (administrator) uploading the image, and then stored in a database (and displayed to the end user on a different page).
I found a resource that uses a Imageshack API, and was a bit confused about what this is and how the person implemented the API to achieve the image upload. The code for this is here: http://www.sceditor.com/posts/how-to-upload-and-insert-an-image/
When I googled "Imageshack API," I kept running across something that said I need to request a key. What does this mean, and do I have to do it? Is this the easiest way to go about creating an image upload feature for my purposes?
Thank you all very much!
Imageshack API is for uploading image files to your account hosted at Imageshack.com. It seems that you want to upload image files to your own website and store such files on your own web servers (either in a cloud service such as AWS or your co-located/managed servers at some data centres). So, you probably do not want to use Imageshack.
As to how to upload image files using HTML & PHP, you may want to check out a short tutorial at:
www.w3schools.com/php/php_file_upload.asp
Also, by the way, storing image files into a database such as MySQL may not be a good idea -- image files should be stored as files. It is faster to access such image files on a web server than to access image contents stored in a database.
I am currently writing an application using the Yii-framework in PHP that stores a large number of files uploaded by the users of the application. I decided that since the number of files are going to be ever increasing, it would be beneficial to use Amazon S3 to store these files and when requested, the server could retrieve the files and send it to the user. (The server is an EC2 instance in the same zone)
Since the files are all confidential, the server has to verify the identity of the user and their credentials before allowing the user to receive the file. Is there a way to send the file to the user in this case directly from S3 or do I have to pull the data to the server first and then serve it to the user.
If So, Is there any way to cache the recently uploaded files on the local server so that it does not have to go to s3 to look for the file. In most cases, the most recently uploaded files will be requested repeatedly by multiple clients.
Any help would be greatly appreciated!
Authenticated clients can download files directly from S3 by signing the appropriate URLs on the server prior to displaying the page/urls to the client.
For more information, see: http://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html
Note that for confidential files you may also want to consider server-side/client side encryption. Finally, for static files ( such as images ) you may want to set the appropriate cache headers as well.
Use AWS Cloud Front to server these static files. Rather than sending the files to the user, send them links to the files. The Links need to be cloud front links & not direct links to the S3 bucket.
This has the benefit of keeping load low on your server as well as caching files close to your users for better performance.
More details here Serving Private Content through CloudFront
i am writing an iphone application, which basically uploads and downloads Images to/from a server. in order to test my code i installed xampp and everything works fine now. if i upload an image the server creates a folder named with the UDID-number of the device
(via the http-method POST a php script is called).
but if i enter the directory of such a folder and the name of the image in the browser i can see it in the browser.
i am a newby on this topic and have no idea if there are better possibilities. my questions are: should i use databases where i save the images or is it just fine to create folders via a php script and save the images into these folders? can i hide all the datastructure, such that you cannot access it via a browser but only with the iphone application? (the application should only be able to download pictures randomly). thx
If you do not want an image serverable by apache, you need to store it outside the webroot. So if your webroot is C:\xampp\htdocs, you could store the images in a folder structure under C:\xampp\images
Your iphone app would have to do a little more work then to pull a random one and send it to the user.
I am launching a web application soon that will be serving a fair amount of images so I'd like to have a main web server and a static content server and possibly a separate database server later on.
I'd like the user to:
login and be able to upload a photo
the photo is renamed a randrom string
the photo is processed into a thumbnail
the photo and thumbnail are stored into a filesystem on the static server.
the photo and thumbnail's directory and filename are stored in a mysql database
The problem is I don't know how to have the user instantly upload an image to a separate server.
I thought about using amazon s3, but you can't edit filenames before posting them. (through POST, I'd rather not use the REST api)
I could also use php's ftp function to upload to a separate server, but I'd like to dynamically create folders based on the properties of the image (so I don't have all the images in one big folder obviously), but I don't know how this would work if I used ftp...
Or I could save them locally and use a CDN, I'm not too familiar with CDN's so I don't know if using them this way would be appropriate or cost-effective.
What are my options here? I'd like the images to be available instantly (no cron jobs/queues)
Thanks.
You can create directories over FTP with PHP, so that should not be a showstopper.
I thought about using amazon s3, but you can't edit filenames before posting them. (through POST, I'd rather not use the REST api)
If you let your PHP server do the uploading to S3 via POST, you can name the files whatever you want. You should do that anyway, letting your users upload to S3 directly, without your PHP code inbetween, sounds like bad for security to me.