堆栈内存溢出
  简体   繁体   English

Azure Blob文件存储策略

[英]Azure Blob file storage strategy

 原文  2011-11-07 14:17:54       asp.net-mvc/ security/ azure/ azure-storage/ azure-storage-blobs

问题描述

In my site the user can upload two kind of files: 在我的网站中,用户可以上传两种文件:

  • documents (doc, pdf, jpg, zip) 文件(doc,pdf,jpg,zip)
  • avatar image (jpg) 头像图片(jpg)

I started creating a private blob container . 我开始创建一个私有blob容器 So I can check that the user that is asking for a file have the rights to download it . 所以我可以检查要求文件的用户是否有权下载它

The problem arise when, in a page of the public part of the site, I have to show all the users avatar images. 当在网站的公共部分的页面中,我必须向所有用户显示头像图像时出现问题。 In this case ther is no need to check anything but the avatar image are saved in the same blob container of the documents that is private. 在这种情况下,除了头像图像保存在私有文档的相同blob容器中之外,不需要检查任何内容。

So, the first solution was to create a simple action that receive the file name of the picture and then get it from the blob and push to the out stream. 因此,第一个解决方案是创建一个简单的操作,接收图片的文件名,然后从blob中获取并推送到流出。 But doing so I give to malicious users the ability to ask for reserved documents using this script. 但这样做我给恶意用户提供了使用此脚本请求保留文档的能力。 (simply asking for the document file name instead of the avatar image file) (只是询问文档文件名而不是头像图像文件)

What is the best solution? 什么是最好的解决方案? Creation of two distinct blob container (one private and one public)? 创建两个不同的blob容器(一个私有和一个公共)? Other solutions? 其他方案?

EDIT 编辑

Using metadata to mark public files? 使用元数据标记公共文件?

1 个解决方案

解决方案1
 4 已采纳  2011-11-07 14:31:49

I would suggest creating two different containers. 我建议创建两个不同的容器。 Not only that, but I will also suggest that you do not just push avatars to the stream, but instead publush the full blob URL to the source. 不仅如此,我还建议您不要将头像推送到流中,而是将完整的blob URL发布到源。 Thus you will be able to later use the CDN also! 因此,您以后也可以使用CDN! Using a "transparent proxy" action method makes non-sense for public blobs. 使用“透明代理”操作方法对公共blob没有意义。 As for the private blobs - I think your approach is good, but you'll have to perform some security checks before serving the blob contents. 至于私有blob - 我认为你的方法很好,但你必须在提供blob内容之前执行一些安全检查。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Azure DocumentDB和Azure Blob存储 - Azure DocumentDB and Azure Blob Storage 如何从Azure Blob存储下载,解压缩和反序列化对象/文件? - How to Download, Decompress and Deserialize an object/file from Azure Blob Storage? 如何将文件从 Azure Blob 存储下载到浏览器 - How to download a file to browser from Azure Blob Storage 下载文件后如何从 azure blob 存储中删除文件 - How to delete a file from azure blob storage after downloading it 将文件从客户端上传到Azure Blob存储| MVC - Upload File/s From Client To Azure Blob Storage | MVC 当文件存储在 Azure Blob 存储中时触发 API 端点 - Trigger an API endpoint when ever a file stored in Azure Blob Storage 是否可以将字节附加到 Azure Blob 存储中的 Blob? - Is it possible to append bytes to a blob in Azure Blob Storage? SAS的Azure Blob存储授权 - Azure Blob Storage authorization with SAS 将文件上传到Blob Azure - Upload file into Blob Azure 列出具有Azure Blob存储的容器的内容 - Listing the contents of a container with Azure Blob storage
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM