Hi,
I have an application which requires a user to upload some files. They are
then saved somewhere. Currently that place is in the context, so for
example:
${context:/userfiles/}${user.name}/{$id}/${filename}
I do not think this is the best way to do it, as that means anyone who
knows that URL can go to it and see that file. These files should be
restricted for my application so only a particular user can see them.
I need to be able to access the files in two ways:
1- To do some processing on the server side, currently this is done with a
File object which has a full path on the local file system.
2- To be able to send that content to the user, currently this is done by
using ${context:/}... etc.
For example, the file may be a PDF. I may need to do something on the
server with that PDF, but I would also like to be able to embed that pdf
which I can currently do like this:
<object width="400" height="500" type="application/pdf"
data="${context:/userFiles}${fileUrlWithinContext}" id="pdf_content">
<p>The PDF cannot be displayed, please update your browser.</p>
</object>
If I wish to be able to serve this file, I believe it needs to be within
the context (Or maybe this is where I am wrong, but I can't find how else
to serve files). From there I can also mess with it on the server since I
have the local path to it. However, is there a way to protect these files?
I assume I am doing something very, very wrong here but I just don't know
exactly what. I'd really appreciate some guidance.
Thanks,
Steve
