I apologize for my novice questions, but you guys have been a great help!
Problem:
I have a section of the website that must be secure. I have a typical PHP login script to access the web pages within this section. Within these pages images are called and displayed, these images are what needs to be secure from outside access.
The problem is, that while the PHP login keeps those pages from being displayed without a password, it does not not prevent the images from loading if the URL for said image is directly input into the browser.
I have set up a .htaccess file for the directory, and it stops linking from other sites, but not direct linking. It also prevents access to any sort of directory view. Given that the names of the images are a very long string of generated characters, is this reasonably secure? The people viewing through passworded access I have no problem with direct linking to images, it's outsiders that I want to avoid.
Appropriate Directory Security?
Moderator: General Moderators
Appropriate Directory Security?
Last edited by gm2 on Wed Dec 22, 2010 3:56 pm, edited 1 time in total.
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: Appropriate Directory Security?
You could use HTTP access control or move your images outside of the public directory and access them through a PHP script (that does the access control)
(#10850)
Re: Appropriate Directory Security?
all of this is on a shared hosting account, so I don't believe I can do what I think you are saying.
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: Appropriate Directory Security?
.htaccesswill protect the directory.
then authenticate the users for the proper permissions
then call the following function (or one similar to it), plugging in the path to the image dir or sub-dir and image filename to output the image stream to the browser:
Code: Select all
deny from allthen authenticate the users for the proper permissions
then call the following function (or one similar to it), plugging in the path to the image dir or sub-dir and image filename to output the image stream to the browser:
Code: Select all
<?php
function StreamImage($path,$image)
{
$the_image = $path.$image;
if (substr($image, -4) == ".png")
{
header("Content-type: image/png");
$im = imagecreatefrompng($the_image);
imagepng($im);
}
else if (substr($image, -4) == ".gif")
{
header("Content-type: image/gif");
$im = imagecreatefromgif($the_image);
imagegif($im);
}
else if (substr($image, -4) == ".jpg")
{
header("Content-type: image/jpeg");
$im = imagecreatefromjpeg($the_image);
imagejpeg($im);
}
imagedestroy($im);
}
?>- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: Appropriate Directory Security?
Simpler would be to just set the MIME type and then use a function like passthru() to dump the image data to the browser.
(#10850)