  1. #1
    Regular Coder
    Join Date
    Jan 2004
    Posts
    107
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Making a secure image-folder

    I'm developing a system that will store a lot of images in a single folder. I need the folder to be secure, so users may not view the images in the folder. I cannot use something like .htaccess files, as they are not compatible with every server (this will be distributed, so it needs to be universal).

    My idea is this: The images in the folder are going to receive random names like "023712ygH.jpg" or "nch9823dg.jpg". So people can't look in the folder, there will be a blank index.htm file inside. I just want to know: Is this a very secure method? And is there any way people can still look inside the folder/find the file names? Are there any image re-direct methods that work on every server?

  • #2
    Super Moderator
    Join Date
    May 2002
    Location
    Perth Australia
    Posts
    4,095
    Thanks
    11
    Thanked 101 Times in 99 Posts
    is there any way people can still look inside the folder/find the file names?
    no
    Is this a very secure method
    no

    you can't really do universal solutions for this, though you could put the images above the web-root and then use a script to read and display the images; being above the web-root, the images will not be viewable directly but your scripts can easily get at them ... for PHP a simple <?php readfile('/home/user/protected/imgname.jpg'); ?> would do the job, I assume such an approach works for ASP/IIS etc.
    resistance is...

    MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)

  • #3
    Regular Coder
    Join Date
    Jan 2004
    Posts
    107
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by firepages
    no

    no

    you can't really do universal solutions for this, though you could put the images above the web-root and then use a script to read and display the images; being above the web-root, the images will not be viewable directly but your scripts can easily get at them ... for PHP a simple <?php readfile('/home/user/protected/imgname.jpg'); ?> would do the job, I assume such an approach works for ASP/IIS etc.
    Because of the way this is being distributed, running things above the root is not really an option.

    Basically, I'm using php/mysql to run this. Images, when uploaded through the system, are given 9 digit random names like 8fn4ys7fj.jpg and such. (Then the image names are stored in the database, and then allowed to be viewed after a certain date)

    The idea is that people cannot guess the name of the files within the folder - thus not being able to view the images. The only way they could put in the url is by already knowing the name (but by then, that means the image was already released), or by a really lucky guess (odds of 1 in 3656158440062976).

    I just need to make sure that the names of the images aren't spread around before their time. So assuming this isn't the Pentagon, would this work?
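
The two approaches discussed above (a script that reads images from a directory the web server does not expose, and random names released after a date stored in the database) combined in one gatekeeper script. This is an added example, not code posted by anyone in the thread; the "images" table, its "name" and "release_at" columns, the DSN and the img.php?img=... URL form are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. Assumed names: the "images" table
// with columns "name" and "release_at" (Unix time), the DSN, and img.php?img=...
const IMAGE_DIR = '/home/user/protected';   // path used in the reply above

/** Generate a 9-character name from a CSPRNG (rand()/mt_rand() are predictable). */
function newImageName(): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';
    $name = '';
    for ($i = 0; $i < 9; $i++) {
        $name .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $name . '.jpg';
}

/** Return the path of an image that may be served now, or null to deny. */
function resolveImage(PDO $db, string $name, int $now): ?string
{
    // Only the generated pattern is accepted, so "../" or a NUL byte never
    // reaches the file system.
    if (!preg_match('/\A[A-Za-z0-9]{9}\.jpg\z/', $name)) {
        return null;
    }
    // The database decides whether the image has been released.
    $stmt = $db->prepare('SELECT release_at FROM images WHERE name = ?');
    $stmt->execute([$name]);
    $releaseAt = $stmt->fetchColumn();
    if ($releaseAt === false || (int) $releaseAt > $now) {
        return null;   // unknown and unreleased names get the same answer
    }
    $path = IMAGE_DIR . '/' . $name;
    return is_file($path) ? $path : null;
}

$db = new PDO('mysql:host=localhost;dbname=gallery', 'dbuser', 'dbpass'); // placeholders
$requested = $_GET['img'] ?? '';
$path = resolveImage($db, is_string($requested) ? $requested : '', time());
if ($path === null) {
    http_response_code(404);
    exit;
}
header('Content-Type: image/jpeg');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

With this in place the release check happens on every request, so a leaked or guessed name returns 404 until its release time has passed.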

  • #4
    Senior Coder
    Join Date
    Jun 2002
    Location
    UK
    Posts
    1,137
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Surely reducing the time frame between upload and release would help you. That way if people guessed correctly at the filename they would only have it a few mins before everyone else.

    If you set the other servers to copy off the updated one, the time frame would be about 10 mins or less from upload to being copied to the other servers.

    If the data requires such high security, we're talking the data was top notch and worth millions before release, you would just put it online when you wanted to release it.

    It's just my £0.02

    scroots
    Spammers, next time you spam me consider the implications:
    (1) that you will be persuaded by me (in a legitimate manner)
    (2) It is worthless to you, when I have finished

