CodeIgniter Forums
Security and File Upload in CodeIgniter: Best Practices to Keep Images Out of the Pub - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24)
+--- Thread: Security and File Upload in CodeIgniter: Best Practices to Keep Images Out of the Pub (/showthread.php?tid=88168)



Security and File Upload in CodeIgniter: Best Practices to Keep Images Out of the Pub - tarcisiodev1 - 08-01-2023

I'm working on a project in CodeIgniter and I'm looking for a secure way to handle file uploads, such as images, without directly exposing them in the public folder. I would like to know the best practices and recommended methods for securely handling file uploads in CodeIgniter while keeping the files out of the public folder to prevent direct web access. Thank you for sharing your experiences and suggestions!


RE: Security and File Upload in CodeIgniter: Best Practices to Keep Images Out of the Pub - luckmoshy - 08-02-2023

do 
PHP Code:
$filepath WRITEPATH 'uploads/' $img->store(); 



RE: Security and File Upload in CodeIgniter: Best Practices to Keep Images Out of the Pub - tarcisiodev1 - 08-02-2023

(08-02-2023, 04:15 AM)luckmoshy Wrote: do 
PHP Code:
$filepath WRITEPATH 'uploads/' $img->store(); 

But if I display this link to the image/file in the view, will it be accessible even though it is not in the public folder, or do I need to make any other configuration? Is there a specific route or controller method I should set up to handle file requests securely and serve them with the necessary headers?

(08-02-2023, 04:15 AM)luckmoshy Wrote: do 
PHP Code:
$filepath WRITEPATH 'uploads/' $img->store(); 

What method should I use to access files with non-public access levels and render them in the view without being in the public folder?


RE: Security and File Upload in CodeIgniter: Best Practices to Keep Images Out of the Pub - sheilaf - 08-02-2023

You need create a method to read the image file and send it's contents to the browser with the correct header.
See this for some hints on how to do with straight PHP:
https://stackoverflow.com/questions/29773995/serving-private-images-using-php


RE: Security and File Upload in CodeIgniter: Best Practices to Keep Images Out of the Pub - InsiteFX - 08-02-2023

[RESOLVED] Hide Image Source using PHP and Sessions


RE: Security and File Upload in CodeIgniter: Best Practices to Keep Images Out of the Pub - tarcisiodev1 - 08-09-2023

(08-02-2023, 10:48 PM)InsiteFX Wrote: [RESOLVED] Hide Image Source using PHP and Sessions


I really appreciate your help,


Thank you very much