
How to eliminate direct access to binary data

Posted: Sun Aug 17, 2008 4:26 pm
by sphoenixee
Hello,

First post here :)

Apologies if this has been answered a thousand times already.

Basically, here's what I want to do:
I have some images and audio clips on my server.
I do not want people to access these directly.
I have a PHP script that displays these images/audio.
Only registered users can access the PHP script.
However, registered users still should not be able to access the files directly.

I thought of a few ways, and was hoping you guys could give thoughts on how well these ways work and suggest other methods too. I'm very new at web programming, and would be interested in hearing ideas you guys have. Thanks!

Way 1:
Use htaccess to restrict access to images in a directory. PHP has the user/pw for that and so can access the files, but other people cannot.

Way 2:
Put the files in a directory that is not accessible via http. PHP can still access those but other people cannot access them directly.

The context of all this is that I am writing an RIA in Flex that will query PHP for data, both from MySQL and from images and audio. I want people to only be able to access that data from the Flex program, and not just paste in URLs and steal my images/audio.

Thanks.

sphoenixee

Re: How to eliminate direct access to binary data

Posted: Mon Aug 18, 2008 5:45 am
by Mordred
Way2, and don't forget to check that the user is authorized to see the content in the PHP script that serves it.

Re: How to eliminate direct access to binary data

Posted: Mon Aug 18, 2008 7:21 am
by sphoenixee
Thanks, Mordred.

Ok, I will try way 2 then. Any other methods would be very welcome.

Slightly on a tangent, how would I use PHP to display the binary data? Should I set the Content-type and then use readfile (or maybe imagecreatefromxxx for images)? Are there better methods?

Thanks again.

Re: How to eliminate direct access to binary data

Posted: Mon Aug 18, 2008 9:55 am
by Mordred
readfile() does all the job in a single system call, so you can't go any faster than that with PHP.
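
The approach discussed in this thread (files kept outside the web root, an authorization check in the serving script, then Content-Type plus readfile()), as an added example that is not code from any poster. The media directory path, the `file` query parameter and the `user_id` session key are assumptions.

```php
<?php
// media.php - added example; directory, parameter name and session key are assumptions.
declare(strict_types=1);

const MEDIA_DIR = '/var/www/private_media';   // assumed location outside the document root
const ALLOWED_TYPES = ['image/jpeg', 'image/png', 'image/gif', 'audio/mpeg'];

/** Resolve a requested name to a real file inside $baseDir, or null if it falls outside. */
function resolve_media_path(string $baseDir, string $name): ?string
{
    // basename() drops directory components such as "../", so only a bare file name is used.
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . basename($name));
    $base = realpath($baseDir);
    if ($real === false || $base === false || !is_file($real)) {
        return null;
    }
    // Containment check after symlink resolution: the file must still sit under the base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

session_start();

// Authorization is checked in the serving script itself, on every request.
if (empty($_SESSION['user_id'])) {            // assumed to be set by the login code
    http_response_code(403);
    exit('Forbidden');
}

$name = is_string($_GET['file'] ?? null) ? $_GET['file'] : '';
$path = resolve_media_path(MEDIA_DIR, $name);
if ($path === null) {
    http_response_code(404);
    exit('Not found');
}

// Derive the type from the file contents and serve only the expected media types.
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
if (!in_array($mime, ALLOWED_TYPES, true)) {
    http_response_code(404);
    exit('Not found');
}

header('Content-Type: ' . $mime);
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');    // browser must not re-guess the type
header('Cache-Control: private, no-store');   // keep copies out of shared caches
readfile($path);
```

This keeps the files from being fetched by URL without a session; a logged-in user still receives the bytes, so it does not stop them from saving what the Flex client displays.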

Re: How to eliminate direct access to binary data

Posted: Thu Aug 28, 2008 12:28 am
by richardchaven
This is exactly what I am learning to do as well: use PHP to create simple back-end servers to support Flex applications.

I am collecting patterns and examples for a web site (or book?).

Please contribute!