Il giorno 15/apr/2014, alle ore 10:39, Smart Cris <[email protected]> ha scritto:
> My link show only part of the url, but Imho there is no solution to keep > things safe on the client side, even with a simple "/download/ID_IMAGE" a > malicious user can easily rebuild the protected link, One thing is rebuild the protected link, another is that the protected link send the image to the client and not the web server. If your backend can intercept the file request (client browser does not request the original file but a "/download/ID_IMAGE") then it can check if the user has the permission to access to that file and so it is useless know the protected link. No file is send without permission. And if the user can access the file, the backend does not redirect him (browser) to the original file but send the file to him. It is different. M. -- Davide Morelli [email protected] -- You received this message because you are subscribed to the Google Groups "AngularJS" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/angular. For more options, visit https://groups.google.com/d/optout.
