On 3 February 2010 16:22, Karl DeSaulniers <k...@designdrumm.com> wrote:
> Ahhhh..
> Very nice. I did not think of that.
> But let's say it's a whole bunch of images and multiple people may be
> accessing them.
> Is it safe to have them accessing a directory outside the public_html
> directory?
> Thanks,
>
> Karl
>
> On Feb 3, 2010, at 10:14 AM, Richard Quadling wrote:
>
>> On 3 February 2010 16:07, Karl DeSaulniers <k...@designdrumm.com> wrote:
>>>
>>> Thank you all for your numerous responses.
>>>
>>> I hear you loud and clear. I was wanting to see if it would be less of a
>>> burden on the server and secure my images better to put the images inside
>>> a database, but as you all have almost uniformly stated, this would not be
>>> the best situation.
>>> I currently have all my images referenced by url in my database and stored
>>> in a folder/s and I think I will keep it that way...
>>>
>>> Thanks for your 2 cents,
>>>
>>> :)
>>>
>>> Karl
>>>
>>> --
>>> PHP Database Mailing List (http://www.php.net/)
>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>
>>>
>>
>> If you put the images OUTSIDE of the webroot/docroot/public_html
>> folder (whatever you have), then a user cannot directly navigate to
>> the file.
>>
>> e.g.
>> /home/sites/your_site/public_html/images/image1.jpg
>>
>> http://www.yoursite.com/images/image1.jpg would probably work.
>>
>> But ...
>>
>> /home/sites/your_site/public_html/getImage.php
>> /home/sites/your_site/hidden_images/image1.jpg
>>
>> Now, there is no way I can load image1.jpg from my browser. I have to
>> use getImage.php, which I assume would require me to log in or
>> authenticate myself in some way.
>>
>>
>> --
>> -----
>> Richard Quadling
>> "Standing on the shoulders of some very clever giants!"
>> EE : http://www.experts-exchange.com/M_248814.html
>> EE4Free : http://www.experts-exchange.com/becomeAnExpert.jsp
>> Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731
>> ZOPA : http://uk.zopa.com/member/RQuadling
>
> Karl DeSaulniers
> Design Drumm
> http://designdrumm.com
>
>

If the file is outside of the docroot, then they _CANNOT_ access them.
There is no url to the image!

So, a script which examines the session to make sure the request is
valid is normally enough to restrict feeding the images to valid
users.

Multiple simultaneous readers are not a problem.

If you have any writers, then you need to introduce a locking
mechanism or some other protection.



-- 
-----
Richard Quadling
"Standing on the shoulders of some very clever giants!"
EE : http://www.experts-exchange.com/M_248814.html
EE4Free : http://www.experts-exchange.com/becomeAnExpert.jsp
Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731
ZOPA : http://uk.zopa.com/member/RQuadling
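
A sketch of the getImage.php gatekeeper described in this thread, added here as an example and not code posted by anyone on the list. The `user_id` session key, the `file` query parameter and the allowed MIME types are assumptions; the directory is the one used in the message above.

```php
<?php
// getImage.php: added example, not code from the thread.
// Assumptions: the login script sets $_SESSION['user_id']; the image is requested as
// ?file=image1.jpg; the fileinfo extension is enabled.
declare(strict_types=1);

const IMAGE_DIR = '/home/sites/your_site/hidden_images';   // outside public_html
const ALLOWED_TYPES = ['image/jpeg', 'image/png', 'image/gif'];

/** Map a requested name to a real file inside $baseDir, or null if it would escape it. */
function resolveImagePath(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    $name = basename($requested);   // drops directory parts: "../../x" becomes "x"
    if ($base === false || $name === '' || $name === '.' || $name === '..') {
        return null;
    }
    // realpath() follows symlinks, so the resolved path must still sit under the base.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

session_start();
if (empty($_SESSION['user_id'])) {   // no valid session: nothing is served
    http_response_code(403);
    exit('Forbidden');
}
session_write_close();               // release the session lock before streaming

$requested = $_GET['file'] ?? '';
$path = is_string($requested) ? resolveImagePath(IMAGE_DIR, $requested) : null;
$type = $path === null ? false : (new finfo(FILEINFO_MIME_TYPE))->file($path);
if ($path === null || !in_array($type, ALLOWED_TYPES, true)) {
    http_response_code(404);
    exit('Not found');
}

$fh = fopen($path, 'rb');
// Shared advisory lock: any number of readers at once, but a reader waits while a
// writer holds flock($fh, LOCK_EX). It only protects if writers take that lock too.
if ($fh === false || !flock($fh, LOCK_SH)) {
    http_response_code(500);
    exit('Read error');
}
header('Content-Type: ' . $type);
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
fpassthru($fh);
flock($fh, LOCK_UN);
fclose($fh);
```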
