I have developed a social networking site for gardeners website, and am interested in giving users the ability to add images to their "tweets".
我为园丁网站开发了一个社交网站,并且有兴趣让用户能够在他们的“推文”中添加图片。
If I allow them to upload images to the actual site, it seems like this will quickly become expensive (this is a side project, not funded by anyone than myself and my own obsessions). Let's say the site becomes moderately popular, with 100K users posting one image a week, of only 250K in size. That's (100000 * .1 * 52 / 1024) = 508 MB/year in storage (and that doesn't take into account increased bandwidth). Plus I'd have to increase the server load to scale the images. I'm not sure if I should just go ahead with this, or if there are better possibilities.
如果我允许他们将图像上传到实际网站,这似乎会很快变得昂贵(这是一个副项目,没有任何人资助,而不是我和我自己的痴迷)。假设网站变得适度受欢迎,每周有100K用户发布一张图片,大小只有250K。那是(100000 * .1 * 52/1024)= 508 MB /年的存储空间(并没有考虑到增加的带宽)。另外,我必须增加服务器负载以缩放图像。我不确定我是否应该继续这样做,或者是否有更好的可能性。
Linking to other sites seems better in some ways. You do have broken links, but a larger concern for me is security: XSS.
在某些方面,链接到其他网站似乎更好。你确实有破坏的链接,但对我来说更大的担忧是安全性:XSS。
The application is on Rails 3, using MongoDB / Mongoid as the backend, if that matters.
应用程序在Rails 3上,使用MongoDB / Mongoid作为后端,如果这很重要的话。
I'm looking for solutions such as:
我正在寻找解决方案,例如:
- APIs that store images on external sites. What would be ideal is the ability to upload it to my site, and make an API call to store it on an external site.
- APIs (perhaps Javascript APIs) that make it easy to link to one or more external image hosting sites securely.
- Markdown or similar markup that allow linking to external images securely. I am interested in giving users the ability to format their posts in limited ways, so this might solve two problems at the same time. I notice that this is what Stack Overflow does.
- Security libraries that whitelist image URL patterns
- Advice on why I am thinking about this problem wrong. For example, maybe I should just store the images. 500MB a year is really not all that expensive, and it does allow me to create a very clean user experience.
在外部站点上存储图像的API。什么是理想的是能够将其上传到我的网站,并进行API调用以将其存储在外部网站上。
API(可能是Javascript API),可以轻松安全地链接到一个或多个外部图像托管站点。
Markdown或类似的标记,允许安全地链接到外部图像。我有兴趣让用户能够以有限的方式格式化他们的帖子,因此这可能同时解决两个问题。我注意到这就是Stack Overflow的作用。
将图像URL模式列入白名单的安全库
关于为什么我认为这个问题错误的建议。例如,也许我应该存储图像。每年500MB并不是那么昂贵,它确实让我创造了非常干净的用户体验。
My objectives are (in order): - Secure, both for my own site, and to not allow XSS attacks against other sites - Best possible user experience - Easy to maintain and implement
我的目标是(按顺序): - 安全,无论是对我自己的网站,还是不允许对其他网站进行XSS攻击 - 最佳用户体验 - 易于维护和实施
What have you done to allow user-supplied images on your site?
您在网站上允许用户提供的图像做了什么?
3 个解决方案
#1
2
Why not using a service like Amazon s3? Is cheap, very cheap (With the Reduced Redundancy Storage), and the most important plugins like Paperclip support it out of the box...
为什么不使用亚马逊s3这样的服务?便宜,非常便宜(使用Reduced Redundancy Storage),像Paperclip这样最重要的插件支持开箱即用......
#2
4
You're thinking about the problem wrong ;) or rather not at the right time.
你在考虑问题是错误的;)或者说不是在正确的时间。
Don't worry about the bandwidth now, when you don't have that many users yet. Concentrate on making the site user friendly and popular first. Performance, bandwidth, disk space - these are the things you'll work on when they become problems. By the time you've 100k users the cost of buying that space and bandwidth on, say, Amazon S3 may not be an issue anymore.
当你还没有那么多用户时,现在不要担心带宽。专注于使网站用户友好和受欢迎第一。性能,带宽,磁盘空间 - 这些是您在遇到问题时要处理的事情。当您拥有100k用户时,购买该空间和带宽的成本,例如,Amazon S3可能不再是一个问题。
#3
0
You will need to look at the T&C of picture hosts (flickr etc...) and see if your usage is applicable. Flickr has an API, not sure about the others just search for HOST api.
您需要查看图片主机的T&C(flickr等...),看看您的用法是否适用。 Flickr有一个API,不确定其他人只是搜索HOST api。
Flickrs api is at: http://www.flickr.com/services/api/
Flickrs api位于:http://www.flickr.com/services/api/
#1
2
Why not using a service like Amazon s3? Is cheap, very cheap (With the Reduced Redundancy Storage), and the most important plugins like Paperclip support it out of the box...
为什么不使用亚马逊s3这样的服务?便宜,非常便宜(使用Reduced Redundancy Storage),像Paperclip这样最重要的插件支持开箱即用......
#2
4
You're thinking about the problem wrong ;) or rather not at the right time.
你在考虑问题是错误的;)或者说不是在正确的时间。
Don't worry about the bandwidth now, when you don't have that many users yet. Concentrate on making the site user friendly and popular first. Performance, bandwidth, disk space - these are the things you'll work on when they become problems. By the time you've 100k users the cost of buying that space and bandwidth on, say, Amazon S3 may not be an issue anymore.
当你还没有那么多用户时,现在不要担心带宽。专注于使网站用户友好和受欢迎第一。性能,带宽,磁盘空间 - 这些是您在遇到问题时要处理的事情。当您拥有100k用户时,购买该空间和带宽的成本,例如,Amazon S3可能不再是一个问题。
#3
0
You will need to look at the T&C of picture hosts (flickr etc...) and see if your usage is applicable. Flickr has an API, not sure about the others just search for HOST api.
您需要查看图片主机的T&C(flickr等...),看看您的用法是否适用。 Flickr有一个API,不确定其他人只是搜索HOST api。
Flickrs api is at: http://www.flickr.com/services/api/
Flickrs api位于:http://www.flickr.com/services/api/