Hello,

I'm trying to figure out how to let our users securely store images in their account. Right now, the images they store are simply placed in a unique subdirectory that gets generated for each member. They must login to see the images, but if you knew the URL, you could still see the images without logging in.

Thanks!

The general scheme to do something like this is to move the files out of the document root and set up a dynamic page as a gatekeeper. For example, say /var/www/mysite/ is the document root, you could store images in /var/www/images/username/imagename, and they would be completely inaccessible by normal requests. Then, set up a CGI(or mod_perl or whatever) script that takes a query string like ?username=foo&imagename=bar and passes through the appropriate file only if the session indicates they have access.

You can get equivalent functionality by storing the images in a database, or you can use a hybrid route. I do the latter for I site I maintain, storing the given filename in a database and associating it with a hash. The actual file is named for the hash so there isn't a possibility of injecting weird file names and no duplicates are stored.

Thank you for the suggestions, I'll have to do just that if I can change my on site text editor that members use!

The editor we use only takes direct links to images when you want to add one of the ones you uploaded. So, do you know of any way to use a custom generated .htaccess file for each member's directory that will only let them access these pictures when they are logged in?

A gatekeeper script like this will suffice for a direct link, because it will output the correct headers (namely, Content-Type: image/png or whatever is appropriate) so it should be transparent form the point of view of HTML and other applications, ie, <img src="/imagekeeper.cgi?user=foo&image=bar" /> will show up for user foo if they have a good cookie (or if you add a session id to that query string).

Sorry if that doesn't help; I'm not sure I completely understand your last post.

if you want secure storage, store above the web root. Your scripts (your editor I guess) can read files in a folder above the web root, but people can't get to them from the web browser. This is easy to implement and only requires that you would change the path to the folder your members use.

Of course another method would be to use Perl/MySQL or PHP/MySQL.

A bit more of a learning curve, but in my personal opinion would be the
best way to go. Your MySQL database can be backed up easily and
accessible by other scripts in the future ... security is basically built-in.