Typically file servers are used to store images for a web application. For more security and control you'd go for storing images in database. But this proves to be complex and slow.
通常,文件服务器用于存储Web应用程序的映像。为了更安全和控制,您可以将图像存储在数据库中。但事实证明这是复杂而缓慢的。
Are there other mainstream options available other than db/file server, to store images securely with user permissions, etc.
除了db / file服务器之外是否还有其他主流选项可以安全地存储具有用户权限的图像等。
Edit: I'm deployed on amazon cloud and use postgresql as db.
编辑:我部署在亚马逊云上并使用postgresql作为db。
3 个解决方案
#1
3
SQL Server 2008 offers the Filestream storage wich allows you to store data in the filesystem, yet accessing it thorugh the database. It can be useful if your only concern with using a database is performance.
SQL Server 2008提供了Filestream存储,它允许您将数据存储在文件系统中,然后通过数据库访问它。如果您只关心使用数据库是性能,那么它会很有用。
#2
2
If images are stored in a folder that has no direct web access permissions you can then do
如果图像存储在没有直接Web访问权限的文件夹中,则可以执行此操作
<img src="getimage.aspx?id=1234">
and have your GetImage "page" do any appropraite permissions test (e.g. using session ID) and then "deliver" the image from the secure folder.
并让你的GetImage“页面”进行任何适当的权限测试(例如使用会话ID),然后从安全文件夹“传递”图像。
Downside is that the image is not cached I think? but I expect that is true of the database route too.
缺点是我认为图像没有缓存?但我希望数据库路线也是如此。
Storing images in the phyiscal database bloats the database, increasing backup & restore times; but it provides a single container which is great if you want to move everything to a new / multiple servers, or if ensuring referential integrity between Image and other data in the DB is important
在phyiscal数据库中存储图像会使数据库膨胀,从而增加备份和恢复时间;但它提供了一个单独的容器,如果您想将所有内容移动到新的/多个服务器,或者确保图像与数据库中的其他数据之间的参照完整性很重要
#3
0
Are you are concerned about people guessing a URL and directly accessing an image?
您是否担心人们猜测URL并直接访问图像?
If so, you can still place the images on the filesystem, just outside your www directory. You create a page called ImageServer.php/.aspx/.jsp, grabs the image off of the filesystem and then serves it in response to a URL like:
如果是这样,您仍然可以将图像放在文件系统上,就在www目录之外。您创建一个名为ImageServer.php / .aspx / .jsp的页面,从文件系统中抓取图像,然后提供它以响应以下URL:
ImageServer.php?image=BlueWhale.png
If you do this, be careful to correctly set the MIME type and expiry headers because Apache/IIS won't do it for you.
如果这样做,请小心正确设置MIME类型和到期标头,因为Apache / IIS不会为您执行此操作。
#1
3
SQL Server 2008 offers the Filestream storage wich allows you to store data in the filesystem, yet accessing it thorugh the database. It can be useful if your only concern with using a database is performance.
SQL Server 2008提供了Filestream存储,它允许您将数据存储在文件系统中,然后通过数据库访问它。如果您只关心使用数据库是性能,那么它会很有用。
#2
2
If images are stored in a folder that has no direct web access permissions you can then do
如果图像存储在没有直接Web访问权限的文件夹中,则可以执行此操作
<img src="getimage.aspx?id=1234">
and have your GetImage "page" do any appropraite permissions test (e.g. using session ID) and then "deliver" the image from the secure folder.
并让你的GetImage“页面”进行任何适当的权限测试(例如使用会话ID),然后从安全文件夹“传递”图像。
Downside is that the image is not cached I think? but I expect that is true of the database route too.
缺点是我认为图像没有缓存?但我希望数据库路线也是如此。
Storing images in the phyiscal database bloats the database, increasing backup & restore times; but it provides a single container which is great if you want to move everything to a new / multiple servers, or if ensuring referential integrity between Image and other data in the DB is important
在phyiscal数据库中存储图像会使数据库膨胀,从而增加备份和恢复时间;但它提供了一个单独的容器,如果您想将所有内容移动到新的/多个服务器,或者确保图像与数据库中的其他数据之间的参照完整性很重要
#3
0
Are you are concerned about people guessing a URL and directly accessing an image?
您是否担心人们猜测URL并直接访问图像?
If so, you can still place the images on the filesystem, just outside your www directory. You create a page called ImageServer.php/.aspx/.jsp, grabs the image off of the filesystem and then serves it in response to a URL like:
如果是这样,您仍然可以将图像放在文件系统上,就在www目录之外。您创建一个名为ImageServer.php / .aspx / .jsp的页面,从文件系统中抓取图像,然后提供它以响应以下URL:
ImageServer.php?image=BlueWhale.png
If you do this, be careful to correctly set the MIME type and expiry headers because Apache/IIS won't do it for you.
如果这样做,请小心正确设置MIME类型和到期标头,因为Apache / IIS不会为您执行此操作。