edcruise
Jul 6th, 2009, 09:39 AM
Hi at all,
i'm developing a simple web app that maintains for each registered user a media library. All media items are stored into db table and phisically into a directory. More precisely i have a media directory container with all sub-directory for each user...
Media
|- user1
|- item 1
|- item 2
|- user2
|- item 1
|- item 2
|- user3
|- item 1
|- item 2
My doubt:
if i put media directory at same level of css or images directory (or rather public level), this will be accessible from other users...allowing for example, user2 to access user1 directory content, supposing user2 knows media items name of user1 contents and vice-versa.
I thought to write a servlet that returns a media item path based on request parameter...but i can't avoid the problem
Does exist a best practice to handle this case ?
any help is granted,
regards edcruise.
i'm developing a simple web app that maintains for each registered user a media library. All media items are stored into db table and phisically into a directory. More precisely i have a media directory container with all sub-directory for each user...
Media
|- user1
|- item 1
|- item 2
|- user2
|- item 1
|- item 2
|- user3
|- item 1
|- item 2
My doubt:
if i put media directory at same level of css or images directory (or rather public level), this will be accessible from other users...allowing for example, user2 to access user1 directory content, supposing user2 knows media items name of user1 contents and vice-versa.
I thought to write a servlet that returns a media item path based on request parameter...but i can't avoid the problem
Does exist a best practice to handle this case ?
any help is granted,
regards edcruise.