So, I have this app where users have profile pictures. Every time the user changes profile picture, the image also needs to be uploaded to a remote server so that other people can obviously see the profile image when visiting their profile. That is, the users themselves know nothing of the remote image upload, that is handled by their client app in the background.
Now, I do know that there is the NGCordova File Transfer plugin. I am still quite new to web programming, and I haven't worked much with file uploads before. What I know I probably need to do is have a C# MVC (This is used in the project) controller endpoint which accepts the file and processes it. However, what I am quite unsure about is how to handle basic security. See, I don't want to just have this public endpoint where anyone could theoretically just make post requests to and thus upload files to the server. That would not fly.
How do I handle this problem? Can I use FTP upload directly with the NGCordova File Transfer plugin? That is, the client apps actually just somehow provide FTP password and login and then upload the image directly to a directory on the server? That is, something like this:
document.addEventListener('deviceready', function () {
$cordovaFileTransfer.upload("ftp://username:password@pathToImageDirectoryOnServer", PathToLocalFileToUpload, options)
.then(function(result) {
// Success!
}, function(err) {
// Error
}, function (progress) {
// constant progress updates
});
}, false);
Or do I need the endpoint and then somehow pass some encrypted headers from the client containing, say, a password that would need to be validated in order for the file to be successfully uploaded? That is, more like:
document.addEventListener('deviceready', function () {
$cordovaFileTransfer.upload(PathToControllerEndPoint, PathToLocalFileToUpload, { passwordParameter: encryptedPassword })
.then(function(result) {
// Success!
}, function(err) {
// Error
}, function (progress) {
// constant progress updates
});
}, false);
And then simply have the controller decrypt it and validate.
Thank's for the help! :)
It is really very helpful for us and I have gathered some important information from this blog.
RépondreSupprimerIonic Framework Development Company India