I have a problem, I would like to store files outside the public folder using paperclip (to make them private), it would be very simple, just configure the :path option, but to retrieve those files (many of them images) I would need a controller method (ie. get_file), making very slow when you display a list of files with the "thumb" images. I was thinking to use a random name to store the files in the public, some cryptic name with SHA1 or something, how hard would it be to access a file.?
As long as you make sure that the directory is never listed and the name is really random (does not depend on the real name) and long enough (16 alphanumeric characters should be ok) this is a feasible and common method to do it.
Related
I have a bunch (roughly 10.000) of Images named "XXXXX.psd", where X is a number. Sometimes the name string is shorter (XXX.psd).
I also have a List which tells me which of these images I need, roughly 180 images every two weeks or so. I'd like to make an automation that takes said list and then automatically copies the needed images into a separate folder.
Any help is appreciated, I kno nothing about applescript or javascript, but am willing to try it :P
PS: The images are in separate folders. The list is a pdf but i managed to extract it into an xlsx/table, and could also just have it in plain txt.
Scenario: I'm uploading images to Rails ad hoc. I have the files linked from the database using a external ID # field (the images need to be attributed to the original artist, and this is the easiest way to do it). The files will be uploaded to public.
Problem: Some of the images are .jpg, others .png (might be others later). I can't put the files under assets/images since this requires the asset pipeline to be refreshed each time. ActionController::Base.helpers.resolve_asset_path(#external.id) and image_path(#external.id) work great when it's in the pipeline since I don't have to specify the exact file extension.
The only way I was able to do it was by concatenating/mapping, such as:
image_path("/#{#external.id}.jpg") || image_path("/#{#external.id}.png")
Not ideal, and not sure if there's a better way? Later, I'll probably look into another storage solution like a BLOB field or S3 bucket, but I wanted to know if there was a simple way to do it this until then.
I was asked to develop a game called "Flag Quiz" in which the player have to guess the correct name of the flag that appears in the middle of the screen.
Of course I have a lot of pictures (221 flags) and I have to put them inside the program because, when the button Play is pressed, the program has to pick randomly 10 of these flags.
Problem
I was thinking to use an ImageList but the flags are 480x311 and so Delphi asks me to separate the picutre in 30 different bitmaps. Can I do anything about this?
My idea, to avoid that problem, was the following (although I think that it's not very good): create 221 TPicture components (invisible to the user of course) and load in each of them a picture of a flag.
I'd prefer not using the last idea I had. Do you know any improvement?
This sort of problem is simply not suited to the form designer. You want to store 221 images, and managing that in the IDE will be horrible. Once you've got them all in you won't be able to see them readily because they will be base 16 encoded in a .dfm file. Under revision control it will be a mess because you won't be able to change individual images in a manageable and traceable manner.
The accepted way to do this is to use resources. If it were me, I'd arrange for my images to have predicatable names. For instance, flag1, flag2, etc. I'd generate a resource script (.rc) that listed all the flags. I'd compile that resource script to a compiled resource (.res) which is linked to the executable. I'd have the resource script and the image files committed to revision control.
Then at runtime you have a single TImage control to display the flag. Every time you need a new image you load it with TResourceStream, and push it into the TImage control.
Devexpress has a Componnect named cximagecolletion that you can put your images on it and save and load images from/to file
or you can save all flags in small access db and load it when you need using tadodataset
there is no doubt that if you put your images direct on your form your dfm grow very high and so you Get Into trouble
Personally I would store each file as an image in a dedicated subdirectory, using the country as a file name. Then I would read the subdirectory file names on entry to the program (so I have a list of countries that I can randomly choose from) and use TImage.LoadFromFile to display the flag. This is far easier to extend than using a resource file (IMHO).
Does Paperclip scans the files for errors, malicious software, viruses before uploading to database? If no, what are the viable solutions.
And, is it better to first create a separate folder for each user before they upload files and store in their respective folders? What are the merits and demerits of it? Is it possible to specify this with Paperclip?
Thanks
Re viruses etc, this might be useful - Rails / Heroku - How to anti-virus scan uploaded file?
Re storing each user's files in a seperate folder: the conventional way would be to store every FILE in a separate folder, and then link the files to the user via the database (eg a user_id field on the file records). As far as merits and demerits go, besides it not being conventional, one thing to bear in mind would be that if a user's files are stored in a single folder, then if they upload a two files with the same name then the second would overwrite the first (unless of course you put them in separate folders within the user's folder). This could be a good thing or bad thing depending on your requirements.
BTW - a slightly pedantic note: files aren't uploaded to the database (at least not normally) - they are uploaded to a filesystem, and a corresponding record is created in the database. The files don't go into the database (as i say, usually: it is possible to store files as blobs in the DB but it's not good practise and not usual).
I would like to create a simple file repository in Ruby on Rails. Users have their accounts, and after one logs in they can upload a file or download files previously uploaded.
The issue here is the security. Files should be safe and not available to anyone but the owners.
Where, in which folder, should I store the files, to make them as safe as possible?
Does it make sense, to rename the uploaded files, store the names in a database and restore them when needed? This might help avoid name conflicts, though I'm not sure if it's a good idea.
Should the files be stored all in one folder, or should they be somewhat divided?
rename the files, for one reason, because you have no way to know if today's file "test" is supposed to replace last week's "test" or not (perhaps the user had them in different directories)
give each user their own directory, this prevents performance problems and makes it easy to migrate, archive, or delete a single user
put metadata in the database and files in the file system
look out for code injection via file name
This is an interesting question. Depending on the level of security you want to apply I would recommend the following:
Choose a folder that is only accessible by your app server (if you chose to store in the FS)
I would always recommend to rename the files to a random generated hash (or incremntally generated name like used in URL shorteners, see the open source implementation of rubyurl). However, I wouldn't store them in a database because filesystems are built for handling files, so let it do the job. You should store the meta data in the database to be able to set the right file name when the user downloads the file.
You should partition the files among multiple folders. This gives you multiple advantages. First, filesystems are not built to handle millions of files in a single folder. If you have operations that try to get all files from a folder this takes significantly more time. If you obfuscate the original file name you could create one directory for each letter in the filename and would get a fairly good distributed number of files per directory.
One last thing to consider is the possible collision of file names. A user should not be able to guess a filename from another user. So you might need some additional checks here.
Depending on the level of security you want to achieve you can apply more and more patterns.
Just don't save the files in the public folder and create a controller that will send the files.
How you want to organise from that point on is your choice. You could make a sub folder per user. There is no need to rename from a security point of view, but do try to cleanup the filename, spaces and non ascii characters make things harder.
For simple cases (where you don't want to distribute the file store):
Store the files in the tmp directory. DON'T store them in public. Then only expose these files via a route and controller where you do the authentication/authorisation checks.
I don't see any reason to rename the files; you can separate them out into sub directories based on the user ID. But if you want to allow the uploading of files with the same name then you may need to generate a unique hash or something for each file's name.
See above. You can partition them any way you see fit. But I would definitely recommend partitioning them and not lumping them in one directory.