I'm new in laravel
I have created a captcha.php file content-type image.
I'm not sure where is the best place to be stored securely. I google it and some people said put this file inside of resources folder
I dont think that you've realized that no single folder will be more secure than any other as once an attacker has compromised your computer they will be free to roam through your folders. Also using file permissions that do not permit read access to the folder is a good strategy to prevent an attacker who has compromised a non root account from reading your captcha.php file. But then you would not be able to run said file as a user needs read and execute permissions on the file if you wish to actually run the script.
Related
I have some forms that allow the user to upload files that only they can view so I will have to store them somewhere. However, I haven't been able to find any information about where these files would usually be stored if I want them to be kept on the local server. Therefore I have to assume that there is no convention for the permanent storage location of uploaded files. Am I correct in this assumption?
To be clear, I'm not talking about temporary storage locations.
Additionally, would it be a bad idea to have the storage location of all the files as a subfolder of the app directory (with gitignore enabled on it)? Or would it be a better idea to have it outside of the app folder? Thanks!
There is no explicit convention on where to store user uploaded files.
However Laravel ships with a storage directory where it stores framework related data such as cache, sessions, etc. As the name denotes it's a good place to store files, not just framework files. Also the Laravel Filesystem Documentation mentions that the default configured location is storage/app (but that can be changed to fit your needs):
When using the local driver, note that all file operations are relative to the root directory defined in your configuration file. By default, this value is set to the storage/app directory. Therefore, the following method would store a file in storage/app/file.txt: Storage::disk('local')->put('file.txt', 'Contents');
This storage/app folder will by default be ignored by Git.
If you also need the files to be publicly available, then you have two options:
1. Store them somewhere in the public directory.
2. Store them in the storage directory as suggested above and create a symbolic link to the folder from a public location. On Linux you can run this:
ln -s /path/to/laravel/public/files /path/to/laravel/storage/app/files
Of course the directory names can be whatever you like, I used files as an example.
The first option is for cases where you don't have shell access or are otherwise unable to create symbolic links. So if possible I suggest you use the second option.
Laravel uploads to the temporary file path, then you will have to move the file:
$request->file('photo')->move($destinationPath);
This method will move the file from its temporary upload location (as determined by your PHP configuration) to a more permanent destination of your choosing.
SOURCE: https://laravel.com/docs/master/requests#files
I have a Laravel 5 project in which I am uploading files in database in Medium Blob format.
But uploading files in database takes some extra time to execute.
Uploading files in database is a secured way to keep files safe from crawlers or some bots.
I have tried to Upload files to the Public folder. But the crawlers can open these files.
Is there any possible way to upload files in the file system?
So that the Crawlers cannot open these files.
I want these files to be Secured
you can upload them outside of the public scope. For example, storage/ folder is a good place. Also, you can grab them using the file system manager. Take a look:
$image = \Storage::get('file.jpg');
Edit
A correct laravel installation just allow the content of public/ to be accesible via web browser. If other directories as storage/ or resources/ are public too, then you installation is really incorrect.
Said that, once you upload the files in storage/ folder nobody can access them except by you using the \Storage facade. When you call for example \Storage::get('file.jpg'); it returns an stream of bits that you can allocate them in a temporary folder and then display it in the webside. Once the request has finished, the image will disappear again from public domain.
No need to change the directory this can be achieved by two ways
LazyOne Answer using .htaccess
AND
Using robots.txt
I will suggest to implement both .htaccess and robots.txt as some cheap crawlers ignore robots.txt but they can't ignore .htaccess
You can follow this method
image-accessibility-for-authenticated-users-only
As this only allows authorized uses to view image
I am developing a web application for my client using Code Igniter and i need to hide and secure some ZIP, JPG and PDF files on server so that they are not accessible by non users. Only people who are logged in and are the owners of Files can access the files. This is very similar to secure file sharing websites.
it is very similar to any paid file sharing site like only people who paid for files can download files. In my case only those who have uploaded and who shared the files with other can download files.
Please tell me how can i do this..
Thanks
Sajid
One method is to keep the files above the web root (so not publicly accessible) and have the link to them point to a function that will check if logged in (or other parameters you want) and if everything is OK, then serve the file(s).
I want to update my app's database with dropbox.
It should download some files and db file located in specific folder in my Dropbox account.
The algorithm is something like this:
1. App makes request to shared folder and downloads db by specified name(like myapp.db)
2. App reads db, get list of file to download and looking for them in shared folder
3. App downloads this files from shared folder
Is it possible? I don't want to show any authentication requests to user, and actually user can't be authenticated since he just get access to shared folder in my account.
Can I do this with Dropbox API?
platform is os x
You don't need to use the Dropbox API to do this. Just put the public URL for myapp.db into the app, and in myapp.db put all the URLs of the files. Then you're not even tied to Dropbox, since all you need is public URLs. Note that Dropbox has bandwidth limits, so if this is a heavily-used app, you might want to put these on a more appropriate host like S3. Using direct URLs gives you the flexibility to change hosts in the future.
I am getting an HTTP error while uploading an image using the flash uploader, for all users except the admin user. The error is occuring even with users that have administrative priviledges.
Since the admin user does not get an error I doubt is would be a directory security issue - nevertheless I recusively chmoded the uploads directory to 777.
To make things even more strange, I have another blog, using the same plugins and template (through symbolic links) where all authors can upload new images.
The files from both blogs are identical, except for the wp-config that contains different DB and language settings. The blog giving the error in set to fr_FR i18n.
Any help would be greatly appreciated.
This still sounds like a permissions issue. Let me ask you this, what type of hosting environment do you have? Shared, dedicated, semi-dedicated? Sometimes the shared environment blocks you from actually changing the chmod permissions. If you do have the ability to successfully change permissions, chmod 777 for your uploads directory should work, unless your public/php user is impersonating another user account. Could this be the case?
Are the environments the same between both blogs?
What is the error code/message you get when trying to upload with a user other than the admin?
Do you have your uploads directory set properly in your miscellaneous settings? If so, can you view these images at their direct location after uploading them with the admin account?
Sorry pose more questions, but I think it will help narrow it down a little more.
Acorn