安全地存储私人图像
[英]Securely storing private images
问题描述
I am in need of a secure solution for storing a larger (unknown) amount of private images accessed only by a certain user. 
我需要一种安全的解决方案,用于存储仅由特定用户访问的大量(未知)私有图像。 This question is not surrounding things like logins, sessions or anything like that - solely surrounding images and them being stored. 这个问题不是围绕登录,会话等之类的东西,而是仅围绕图像及其存储。
I'll start out with explaining what I am trying to achieve and then go on to things I've thought about doing. 首先,我将解释我要实现的目标,然后继续我考虑过的事情。
Private images only accessible by a certain user 私人图像只能由特定用户访问
A user logs in to my site to upload and view images provided and uploaded by him/her. 用户登录到我的网站以上传和查看由他/她提供和上传的图像。 The images should only be accessible by that user - therefore a login is required. 图像只能由该用户访问-因此需要登录。 When a image is requested for viewing, the rendering is handled by a PHP-script validating the user's authority and bringing the actual image from the safe directory. 当请求查看图像时,将通过PHP脚本来处理渲染,该脚本验证用户的权限并将实际图像从安全目录中移出。
What I know, assume and think about. 我所知道的,假设的和思考的。
Indexing images for ease of managment 索引图像以便于管理
Every image that gets uploaded is indexed in a database for management, ie 上传的每个图像都在数据库中建立索引以进行管理,即
Title: "Me on a scooter"
User: {0E4A759A-CC31-4B0D-97E1-EEFB28F0BF86}
Filename: asuohLAFUUHJSFUhaSGFUOAHSGUA
Extension: .jpg
When the user wants to view the image, the server validates and checks if the user is indeed the owner of the image. 当用户想要查看图像时,服务器会验证并检查用户是否确实是图像的所有者。
Keeping the public away from the images 使公众远离图像
I've read some articles explaining that it's good practice to keep files outside of the document root directory. 我读过一些文章,解释说将文件保留在文档根目录之外是一种很好的做法。 Though I understand the concept, I don't fully understand how to do it in practice. 尽管我理解这个概念,但是我并不完全理解如何在实践中做到这一点。 My assumption: 我的假设:
/var/www/myFolder/ //here's where the html files are stored
/mySecureFolder/ //here's where the content are stored outside of the root, or on a higher level
So whenever the server should display an image it looks for it in the /mySecureFolder/ and checks if the file exists before rendering it for the user. 因此,每当服务器显示图像时,都会在/ mySecureFolder /中查找该图像,并在为用户呈现该文件之前检查该文件是否存在。
Assumption #2 假设2
Creating and placing an .htaccess file blocking everyone but localhost in the /mySecureFolder/ is what I should do to keep others out. 我应该在/ mySecureFolder /中创建并放置一个.htaccess文件来阻止除本地主机以外的所有人,这是我应该做的,以防止他人进入。
Question #1 The PHP process is running as the user www-data, is it safe to make the owner group of /mySecureFolder/ www-data? 问题#1 PHP进程以用户www-data的身份运行,是否可以安全地使/ mySecureFolder / www-data的所有者组?
Assumption #3 - Chmod 假设3-Chmod
To allow none but one specific system user i should CHMOD the folder recursivly with 0770, allowing only the owner user and the owner group to read, write and execute permissions. 要只允许一个特定的系统用户,我应该以0770递归地更改该文件夹,只允许所有者用户和所有者组读取,写入和执行权限。
Question #2 问题2
Is using .htaccess to deny access to everyone but localhost equivalent to placing the secure folder outside the root (/var/www/myFolder/) folder? 使用.htaccess拒绝对除本地主机以外的任何人的访问等同于将安全文件夹放在根(/ var / www / myFolder /)文件夹之外吗?
Assumption #4 Overkill 假设#4过度杀伤
Encrypting every image stored on the filesystem is overdoing it and - if the directory permissions are set up correctly - unnecessary. 加密存储在文件系统上的每个映像都将使加密变得多余,并且-如果正确设置了目录权限-则不必要。
My attack scenario is only outer attacks, hackers cannot access the server trough SSH nor via physically being at the server. 我的攻击场景只是外部攻击,黑客无法通过SSH或通过物理方式访问服务器来访问服务器。 The possible attacks are therefore outer attacks coming from the code I created - like injections and so on. 因此,可能的攻击是来自我创建的代码的外部攻击-如注入等。
I hope that the possible answers might come in handy for future bypassers, therefore I would appreciate if you help me out with formatting this question to ensure it being as clear as possible. 我希望可能的答案对以后的绕过者有用,因此,如果您能帮助我格式化此问题以确保其尽可能清楚,我将不胜感激。
2 个解决方案
解决方案1
3 2014-05-17 14:14:31
The best way is to store the images outside of /www - and have them in their own directory. 最好的方法是将图像存储在/ www外部-并将其放在自己的目录中。
Then use readfile() to 'serve' the images to the authorised user. 然后使用readfile()将图像“提供”给授权用户。 No need to CHMOD or use htaccess etc - as it is outside the www folder and cannot be accessed except through your application. 无需CHMOD或使用htaccess等-因为它位于www文件夹之外,除非通过您的应用程序,否则无法访问。
Something like this would work: 这样的事情会起作用:
function show_image($file_name= "")
{
// Ensure no funny business names to prevent directory transversal etc.
$file_name = str_replace ('..', '', $file_name);
$file_name = str_replace ('/', '', $file_name);
// now do the logic to check user is logged in - put your own code here
if (LoggedInUserCanAccessThisFile())
{
// Serve file via readfile()
// Images are stored in a specific user folder - so only the own user can get their own images
readfile('../image_storage/' . getLoggedInUserID() . '/' . $file_name);
}
}
You can read more about readfile() here from php.net 您可以在php.net上阅读有关readfile()的更多信息
解决方案2
1 2016-06-19 06:04:36
I am working on a similar issue; 我正在研究类似的问题; however, I may change my logic to incorporate readfile() function. 但是,我可以更改逻辑以合并readfile()函数。 But for now, I have images in a secure folder outside the public html folders. 但就目前而言,我的图像位于公共html文件夹之外的安全文件夹中。 A php script reads the directory to a session array, then sorts it by file name. php脚本将目录读取到会话数组,然后按文件名对其进行排序。 The second script uses html to navigate the array of filenames. 第二个脚本使用html导航文件名数组。 When a file is selected, it is copied to a tmp public image directory and displayed via html. 选择文件后,会将其复制到tmp公共映像目录并通过html显示。 Before selecting the next file, the previous one is removed from the tmp directory. 在选择下一个文件之前,将从tmp目录中删除上一个文件。 The original files remain in the secure folder. 原始文件保留在安全文件夹中。 This may be kind of awkward, but it works well for me. 这可能有点尴尬,但对我来说效果很好。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.