You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello,
As part of a project that handles sensitive images/documents how would you go about making sure that only the right users can view a certain media?
Currently my idea is the following:
Store everything in the storage/app folder instead of the public one.
Make sure that the generated url for a media is /media/{media-id}-filename.extension
Create a controller that handles all the calls coming in from /media
In the controller run the policy of the model connected to the media, and either return the media or return an error.
My doubts are the following:
Is this solution secure and well performing?
Is there a way to defer the download and check for permissions to something like S3, or the file has to be obligatorily streamed from my server in order for me to check for permission?
Thank you for your time!
The text was updated successfully, but these errors were encountered:
Hello,
As part of a project that handles sensitive images/documents how would you go about making sure that only the right users can view a certain media?
Currently my idea is the following:
storage/app
folder instead of thepublic
one./media/{media-id}-filename.extension
/media
My doubts are the following:
Thank you for your time!
The text was updated successfully, but these errors were encountered: