堆栈内存溢出
  简体   繁体   English

防止通过Ember应用程序直接访问Azure文件

[英]Prevent direct access to Azure file except through Ember Application

 原文  2015-10-07 14:58:42       javascript/ node.js/ ember.js/ azure-storage/ azure-storage-blobs

问题描述

I need to prevent access to a file that my application can display. 我需要阻止访问我的应用程序可以显示的文件。 We're running an Ember.js on Node (not Ember-cli yet), and the file is retrieved through an Ember model. 我们正在Node上运行Ember.js(尚未运行Ember-cli),并且通过Ember模型检索文件。 The file itself, when uploaded through our application, is stored in Azure Blob Storage, and our application is hosted through Azure. 通过我们的应用程序上载时,文件本身存储在Azure Blob存储中,而我们的应用程序则通过Azure托管。

Azure Blob seems to have access controls, but all the tutorials are for .NET I think, and I am, at the moment, unable to map the process one to one as the tutorials such as http://www.dotnetcurry.com/windows-azure/901/protect-azure-blob-storage-shared-access-signature seem to use the SDK. Azure Blob似乎具有访问控制,但是我认为所有教程都适用于.NET,目前,我无法像教程http://www.dotnetcurry.com/那样将进程一一映射。 Windows-azure / 901 / protect-azure-blob-storage-shared-access-signature似乎使用了SDK。

So, for example, I need to provide a link to access a .pdf file. 因此,例如,我需要提供一个链接来访问.pdf文件。 I'm using an ember action to open it in a new tab, but the tab's url reads : 我正在使用余烬操作在新标签页中将其打开,但标签页的网址为: 

"https://myapplication.blob.core.windows.net/containing-folder/sensitiveFile.pdf"

And if I copy and paste this to another window, or another tab, I can easily access it. 而且,如果我将其复制并粘贴到另一个窗口或另一个选项卡中,则可以轻松访问它。

Based on that, I have a couple of questions: 基于此,我有两个问题:

  1. Can I restrict access to this file except though our application? 我可以通过我们的应用程序来限制对该文件的访问吗? If so, is it only possible through .NET or is there is a javascript equivalent? 如果是这样,那只能通过.NET进行,还是有一个JavaScript等效项? How would I go about doing this? 我将如何去做呢?
  2. Is there a broader method to display a file, but restrict access to the url? 是否有更广泛的方法来显示文件,但限制对URL的访问? The closest thing I can see so far is to open it in a new window and hide the address bar, but that makes it dangerously close to a popup + you can easily retrieve this url. 到目前为止,我能看到的最接近的东西是在新窗口中打开它并隐藏地址栏,但这使它很危险地靠近弹出窗口+您可以轻松地检索此URL。

1 个解决方案

解决方案1
 1 已采纳  2015-10-07 16:33:30

I spoke too soon. 我说得太早了。 I found a tutorial with shared access keys re: Node.js that I seem to have missed the first time around. 我发现了一个教程,其中包含共享访问密钥,即:我似乎第一次错过了Node.js。

https://azure.microsoft.com/en-us/documentation/articles/storage-nodejs-how-to-use-blob-storage/#work-with-shared-access-signatures https://azure.microsoft.com/zh-CN/documentation/articles/storage-nodejs-how-to-use-blob-storage/#work-with-shared-access-signatures

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 防止使用 AJAX 直接访问 PHP 文件 - Prevent Direct access to PHP file using AJAX PHP禁止直接访问 - PHP Prevent Direct Access 防止直接访问 php - Prevent direct access to a php 阻止直接访问文件,但允许通过jquery加载功能进行访问 - block direct access to file but allow access through jquerys load function 下载文件:直接访问应用程序谷歌浏览器或其他方法 - Download file: direct access to application google chrome or another way to do it 如何防止直接访问我的JSON服务? - How to prevent direct access to my JSON service? 防止在ember应用程序中拖放默认值 - Prevent drag and drop default across ember application 阻止url直接访问index.php,除非用户单击另一个特定html文件(例如index.html)上的链接 - block url direct access to index.php except when user clicked on the link on another specific html file such as index.html 从外部访问Ember应用程序实例(cordova) - Access Ember application instance from outside (cordova) 如何访问“生成的应用程序控制器”? 在灰烬中 - How to access a “generated application controller”? in Ember
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM