How can I store images, such as ID cards?
Images can only be accessed by users and the website back end, but cannot be accessed by other users (other users cannot access images even if they have the image src).
Is the local storage space not enough? Is it reliable for third parties? What mature solutions are available?
Reply content:
After reading the upyun interface, you can use the token anti-leech method.
Because the _upt parameter is required to access an image in this way, before users actually access the image mybucket.uw.yun.com/ /target.jpg, do the following:
1. Determine whether the currently logged-on user has access permission for /target.jpg.
2. If the user has access permission, generate the _upt parameter (the _upt parameter is generated from three parameters: the private token, the etime until which access is allowed in the next few minutes, and the file URL).
3. Append this _upt to the image URL to get mybucket.uw.yun.com/ /target.jpg?_upt=xxxxxxx
In this way, users can access images. Each time they access an image, they must obtain the _upt parameter, and _upt can only be obtained through authentication by our own server. _upt is also time-sensitive: the user must obtain the _upt again after the specified time.
Upyun documentation
Check whether there is a scheme that generates tokens based on ak + sk + timestamp (the generated tokens can be used to access resources within the validity period).
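The flow described in the two replies above (authorize on your own server, then issue a token built from a secret, an expiry time and the file path), as an added example that is not part of the original replies. It uses a generic HMAC-SHA256 signature, not upyun's actual _upt algorithm; the host `storage.example`, the secret, the `OWNERS` table and the function names are assumptions.

```python
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET = b"constructed-demo-secret"        # private token known only to app server and storage
TTL_SECONDS = 300                          # link lifetime ("the next few minutes")
OWNERS = {"/idcards/a1b2c3.jpg": "alice"}  # constructed ACL: path -> owning user


def _sign(path: str, etime: int) -> str:
    # Bind the signature to both the path and the expiry time.
    msg = f"{etime}&{path}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_url(user: str, path: str, now: Optional[int] = None) -> Optional[str]:
    """App server: check permission first, then hand out a short-lived signed URL."""
    if OWNERS.get(path) != user:
        return None                        # no permission, no token
    etime = int(time.time() if now is None else now) + TTL_SECONDS
    query = urlencode({"_upt": f"{_sign(path, etime)}{etime}"})
    return f"https://storage.example{path}?{query}"


def verify_url(url: str, now: Optional[int] = None) -> bool:
    """Storage side: recompute the signature; reject expired or altered links."""
    parts = urlsplit(url)
    upt = parse_qs(parts.query).get("_upt", [""])[0]
    sig, etime_text = upt[:64], upt[64:]
    if len(sig) != 64 or not (etime_text.isascii() and etime_text.isdigit()):
        return False
    etime = int(etime_text)
    if int(time.time() if now is None else now) > etime:
        return False                       # expired: the user must request a new token
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(sig.encode(), _sign(parts.path, etime).encode())
```

Because the path is part of the signed message, a token copied from one image URL does not validate for any other image, and a leaked link stops working once etime passes.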
1. Do not use a regular pattern for the names of saved images.
For example, md5 can be applied to the current image upload time plus an n-bit random number, and the generated value is used as the image name.
2. Images can be placed on a third-party CDN.
For example, qiniu and ucloud; the speed and service are relatively reliable.
In your case, symmetric encryption such as AES should be performed on the image files, with keys generated in a specific way for each user. This is because images are not frequently used and can be decrypted temporarily during use.
Now, for file storage, it is more convenient to let mature service providers (such as qiniu and others) handle security issues. They help you handle such problems. You only need to host the files and record the information returned by the third-party service (external links and other information). You need to determine the access permission at the program logic layer.