php - How to securely share a link to others - Laravel 5 -

-

hi making call recording system, basically, there's admin , user. admin upload call recording file stored in file system. admin assign user call recording user can see.

so in database have

recordingstable ->id ->name ->path ->filename

then designation table store assigned call recording user.

designationtable ->id ->user_id ->recording_id

i make function user can see , play recording assigned him/her. problem user share recording else. done that, loading the assigned recording user, , in his/her dashboard there's public link video,

<a href="http://localhost/callrec/public/recording/{!! $value->recordid !!}">see public link</a>

as can see i'm using blade template. can

$value->recordid recording id resource, let's link directed to

http://localhost/callrec/public/recording/1

then link public , user can share it. there's risk, when he/she shared id link can altered, let's http://localhost/callrec/public/recording/4 , if id existing can accessed supposed not coz user shared id = 1 . how approach problems this? ideas , suggestions? thanks!

if use id in url, noticed it's easy guess other possible ids, change url , access other recordings. need share links containing value users won't able guess. 1 example hash of recording id using secret value hash - e.g. app_key value.

what need is:

  1. add string hash column recording table

  2. when recording created, calculate hash , save recording:

    $recording = recording::create($attributes); $recording->hash = base64_encode(hash::make                        ($recording->recordid . config::get('app_key'))); $recording->save();

  3. use hash in urls

    <a href="http://localhost/callrec/public/recording/{!! $value->hash!!}">    see public link </a>

this way links publicly available, guessing hash of recording more or less hard guessing passwords in application same logic applied. make sure keep app_key safe.


Comments

Post a Comment

Popular posts from this blog

yii2 - Yii 2 Running a Cron in the basic template -

-
i have seen instructions on running cron in advanced template, cant figure out how on basic template. have following controller in basic controllers folder. <?php namespace app\controllers; use yii\console\controller; /** * cron controller */ class croncontroller extends controller { public function actionindex() { echo "cron service runnning"; } public function actionmail($to) { echo "sending mail " . $to; } } i have navigated root of application , tried these comands yii cron php yii cron im getting unknown comand "cron" i know old question failed find actual answer this. if @ code yii exec file you'll notice requires /common/config/aliases.php file console/config/main.php. can naturally change these or copy on these advanced template. hope solves problem wanting same thing.
Read more

asp.net - 'System.Web.HttpContext' does not contain a definition for 'GetOwinContext' Mystery -

-
i realize question might seem trivial some, it's these types of things find myself fighting quite bit , want make sense of despite seeming losing battle in .net (for me anyway). so, if following: using system.web; ... applicationuser user = system.web.httpcontext.getowincontext().getusermanager<applicationusermanager>().findbyid(system.web.httpcontext.user.identity.getuserid()); that produces error in title , red getowincontext() , error cannot resolve symbol 'getowincontext()' however, if following (remove system.web in front of httpcontext ), works expected (or @ least no errors): using system.web; ... applicationuser user = httpcontext.getowincontext().getusermanager<applicationusermanager>().findbyid(system.web.httpcontext.user.identity.getuserid()); however, if (same line that's working using system.web commented out): //using system.web; ... applicationuser user = httpcontext.getowincontext().getusermana...
Read more

mercurial graft feature, can it copy? -

-
there new feature in mercurial 3, called 'graft' (graft local). job of moving change-set different branch. is there way "copy" change-set branch? i interested in in moving stuff qa branch production branch, still need code reside in qa. want copy. found , have tried few things, maybe it'll become clear more tinkering , reading... does have better way of 'cherry picking' change-sets move cross branch (or trunk)??? graft copies changesets, doesn't move them. hg graft (emphasis mine): this command uses mercurial's merge logic copy individual changes other branches without merging branches in history graph. known 'backporting' or 'cherry-picking' . default, graft copy user, date, , description source changesets.
Read more