On 3 February 2010 16:22, Karl DeSaulniers <karl@xxxxxxxxxxxxxxx> wrote:
> Ahhhh..
> Very nice. I did not think of that.
> But let's say it's a whole bunch of images and multiple people may be
> accessing them.
> Is it safe to have them accessing a directory outside the public_html
> directory?
> Thanks,
>
> Karl
>
> On Feb 3, 2010, at 10:14 AM, Richard Quadling wrote:
>
>> On 3 February 2010 16:07, Karl DeSaulniers <karl@xxxxxxxxxxxxxxx> wrote:
>>>
>>> Thank you all for your numerous responses.
>>>
>>> I hear you loud and clear. I was wanting to see if it would be less of a
>>> burden on the server and secure my images better to put the images inside
>>> a database, but as you all have almost uniformly stated, this would not
>>> be the best situation.
>>> I currently have all my images referenced by url in my database and
>>> stored in a folder/s and I think I will keep it that way...
>>>
>>> Thanks for your 2 cents,
>>>
>>> :)
>>>
>>> Karl
>>>
>>> --
>>> PHP Database Mailing List (http://www.php.net/)
>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>
>>
>> If you put the images OUTSIDE of the webroot/docroot/public_html
>> folder (whatever you have), then a user cannot directly navigate to
>> the file.
>>
>> e.g.
>> /home/sites/your_site/public_html/images/image1.jpg
>>
>> http://www.yoursite.com/images/image1.jpg would probably work.
>>
>> But ...
>>
>> /home/sites/your_site/public_html/getImage.php
>> /home/sites/your_site/hidden_images/image1.jpg
>>
>> Now, there is no way I can load image1.jpg from my browser. I have to
>> use getImage.php, which I assume would require me to log in or
>> authenticate myself in some way.
>>
>> --
>> -----
>> Richard Quadling
>> "Standing on the shoulders of some very clever giants!"
>> EE : http://www.experts-exchange.com/M_248814.html
>> EE4Free : http://www.experts-exchange.com/becomeAnExpert.jsp
>> Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731
>> ZOPA : http://uk.zopa.com/member/RQuadling
>
> Karl DeSaulniers
> Design Drumm
> http://designdrumm.com
>

If the file is outside of the docroot, then they _CANNOT_ access them.

There is no url to the image!

So, a script which examines the session to make sure the request is
valid is normally enough to restrict feeding the images to valid
users.

Multiple simultaneous readers are not a problem.

If you have any writers, then you need to introduce a locking
mechanism or some other protection.

--
-----
Richard Quadling
"Standing on the shoulders of some very clever giants!"
EE : http://www.experts-exchange.com/M_248814.html
EE4Free : http://www.experts-exchange.com/becomeAnExpert.jsp
Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731
ZOPA : http://uk.zopa.com/member/RQuadling

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
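
A sketch of the getImage.php gatekeeper described in the thread above, added here as an example and not code posted by anyone on the list. The session key `user_id`, the `img` query parameter, the helper name `resolveImage` and the extension map are assumptions; the directory path is the one used in the messages.

```php
<?php
// getImage.php - lives inside public_html; the images themselves do not.
// Added example: session key, parameter name and MIME map are assumptions.
declare(strict_types=1);

const IMAGE_DIR  = '/home/sites/your_site/hidden_images';
const MIME_TYPES = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
                    'png' => 'image/png',  'gif'  => 'image/gif'];

/** Map a requested name to a real image file inside $baseDir, or null. */
function resolveImage(string $baseDir, string $requested): ?string
{
    // basename() drops any directory part, so "../../etc/passwd" becomes "passwd".
    $name = basename($requested);
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }
    // realpath() follows symlinks; confirm the result is still under the base.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false || !is_file($path)
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // Only serve file types on the allow-list, judged on the resolved file.
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    return isset(MIME_TYPES[$ext]) ? $path : null;
}

session_start();
if (empty($_SESSION['user_id'])) {      // assumed to be set by the login script
    http_response_code(403);
    exit('Forbidden');
}

$requested = is_string($_GET['img'] ?? null) ? $_GET['img'] : '';
$path = resolveImage(IMAGE_DIR, $requested);
if ($path === null) {
    http_response_code(404);
    exit('Not found');
}

$ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
header('Content-Type: ' . MIME_TYPES[$ext]);
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

Keeping the files outside the docroot removes the direct URL, but the script then becomes the only access control, so the filename check matters as much as the session check.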