How to eliminate direct access to binary data
Posted: Sun Aug 17, 2008 4:26 pm
Hello,
First post here
Apologies if this has been answered a thousand times already.
Basically, here's what I want to do:
I have some images and audio clips on my server.
I do not want people to access these directly.
I have a PHP script that displays these images/audio.
Only registered users can access the PHP script.
However, registered users still should not be able to access the files directly.
I thought of a few ways, and was hoping you guys could give thoughts on how well these ways work and suggest other methods too. I'm very new at web programming, and would be interested in hearing ideas you guys have. Thanks!
Way 1:
Use htaccess to restrict access to images in a directory. PHP has the user/pw for that and so can access the files, but other people cannot.
Way 2:
Put the files in a directory that is not accessibly via http. PHP can still access those but other people cannot accdess them directly.
The context of all this is that I am writing an RIA in Flex that will query PHP for data, both from MySQL and from images and audio. I want people to only be able to access that data from the Flex program, and not just paste in URLs and steal my images/audio.
Thanks.
sphoenixee
First post here
Apologies if this has been answered a thousand times already.
Basically, here's what I want to do:
I have some images and audio clips on my server.
I do not want people to access these directly.
I have a PHP script that displays these images/audio.
Only registered users can access the PHP script.
However, registered users still should not be able to access the files directly.
I thought of a few ways, and was hoping you guys could give thoughts on how well these ways work and suggest other methods too. I'm very new at web programming, and would be interested in hearing ideas you guys have. Thanks!
Way 1:
Use htaccess to restrict access to images in a directory. PHP has the user/pw for that and so can access the files, but other people cannot.
Way 2:
Put the files in a directory that is not accessibly via http. PHP can still access those but other people cannot accdess them directly.
The context of all this is that I am writing an RIA in Flex that will query PHP for data, both from MySQL and from images and audio. I want people to only be able to access that data from the Flex program, and not just paste in URLs and steal my images/audio.
Thanks.
sphoenixee