At 1:45 PM -0700 10/19/07, Instruct ICC wrote:
> Hi gang:
I think I found a solution.
Here's the url:
http://www.webbytedd.com/bbb/image-test1/
The point is that the image is only accessible via this script, is
this correct?
I can access it without a script:
http://www.webbytedd.com/bbb/image-test1/images/a.jpg
I think what you were seeing was a cached image.
It may be difficult to guess a.jpg even if I can guess /images
but in the img tag, try src="display_image.php?id=anId"
and in display_image.php, test if the user is authorized before
displaying the image.
Then a direct call to display_image.php?id=anId would still have a
chance to authenticate the user.
The script (in production) would check to see if the user was logged
in, so that's not a problem.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php