RE: This, then that. [solved?]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



At 1:45 PM -0700 10/19/07, Instruct ICC wrote:
 > Hi gang:

 I think I found a solution.

 Here's the url:

 http://www.webbytedd.com/bbb/image-test1/

 The point is that the image is only accessible via this script, is
 this correct?

I can access it without a script:
http://www.webbytedd.com/bbb/image-test1/images/a.jpg

I think what you were seeing was a cached image.

It may be difficult to guess a.jpg even if I can guess /images
but in the img tag, try src="display_image.php?id=anId"
and in display_image.php, test if the user is authorized before displaying the image. Then a direct call to display_image.php?id=anId would still have a chance to authenticate the user.

The script (in production) would check to see if the user was logged in, so that's not a problem.

Cheers,

tedd

--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux