Display images from the tmp directory.

Time: 2021-02-14 00:24:04

I have the following: a website that creates temporary images in the /tmp folder on the Linux server. The reason I store them in this folder is that these images need to be cleared once in a while, and it's so much easier just to clear the tmp directory using tmpwatch. Now my issue is: how do I display the image within my browser?

Code

<img src="/tmp/3d34636.png" alt="image" />  

I'm running CentOS with PHP.

3 solutions

#1


1  

The trouble here is that this img tag will be processed by the browser (the client). This client does not have access to the filesystem of the HTTP server.

Therefore, you either have to define the /tmp directory to be a valid location of your HTTP server, using the files in the /tmp/ directory (but note that it would serve any other file contained in this directory, potentially a security risk).

Or you store these generated images in a subdirectory that is already served by your HTTP server.

It may also be possible to define this /tmp location on the server to be served by a script that would analyse the URL containing the image filename. This script would then open the file in /tmp/ and serve it.

#2


2  

@Didier already outlines the issue and the security risks. Even if you built a PHP script that accepts the file name as a parameter, and then passes through the file from the /tmp directory, you would be mixing public content with temp files that can contain sensitive data. You would have to keep a list of which files were generated by your script and are okay to display, and which ones are not, otherwise it would be a security hole.

I'd say forget /tmp for this despite the advantages, and store your images in a sub-directory of their own. Delete them frequently (e.g. using a cron job, or based on file age or the "last accessed" time).
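
An added example, not part of either answer above: a minimal PHP endpoint for the script-based approach, serving from a dedicated directory instead of /tmp and accepting only names the image generator could have produced. The directory path, the name query parameter and the hex-plus-.png naming rule (modelled on 3d34636.png from the question) are assumptions.

```php
<?php
// Added example: serve generated images from a dedicated directory, never from /tmp.
// IMAGE_DIR and the ?name= parameter are assumptions, not from the original posts.
declare(strict_types=1);

const IMAGE_DIR = '/var/www/generated-images'; // hypothetical; only the generator writes here

/**
 * Map a client-supplied name to a file inside $baseDir, or return null if it is
 * not something the image generator could have produced.
 */
function resolveImage(string $name, string $baseDir = IMAGE_DIR): ?string
{
    // Allow-list the generator's naming scheme (hex id + .png, like 3d34636.png).
    // This rejects "../", absolute paths, NUL bytes and other extensions up front.
    if (preg_match('/\A[0-9a-f]{1,32}\.png\z/', $name) !== 1) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $name); // resolves symlinks; false if missing
    if ($base === false || $path === false) {
        return null;
    }
    // Containment check: a symlink placed in the directory must not lead elsewhere.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0 || !is_file($path)) {
        return null;
    }
    // Confirm the content really is a PNG before sending it with an image type.
    $info = @getimagesize($path);
    if ($info === false || $info[2] !== IMAGETYPE_PNG) {
        return null;
    }
    return $path;
}

// Only act as an HTTP endpoint when run under a web SAPI.
if (PHP_SAPI !== 'cli') {
    $name = $_GET['name'] ?? '';
    $path = is_string($name) ? resolveImage($name) : null;
    if ($path === null) {
        http_response_code(404); // same answer for "missing" and "not allowed"
        exit;
    }
    header('Content-Type: image/png');
    header('Content-Length: ' . (string) filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}
```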

#3


1  

You can get tmpwatch to clean up another directory by creating a cron job that runs the command:

/usr/sbin/tmpwatch -umc 240 /path/to/directory

The 240 is the number of hours that the files haven't been used for before deletion (in this case 10 days). See man tmpwatch for full details.
