> Hi gang: > > I think I found a solution. > > Here's the url: > > http://www.webbytedd.com/bbb/image-test1/ > > The point is that the image is only accessible via this script, is > this correct? I can access it without a script: http://www.webbytedd.com/bbb/image-test1/images/a.jpg It may be difficult to guess a.jpg even if I can guess /images but in the img tag, try src="display_image.php?id=anId" and in display_image.php, test if the user is authorized before displaying the image. Then a direct call to display_image.php?id=anId would still have a chance to authenticate the user. _________________________________________________________________ Peek-a-boo FREE Tricks & Treats for You! http://www.reallivemoms.com?ocid=TXT_TAGHM&loc=us