Sorry about the crash, But if this is the worst thing that has happened to us today... We should consider ourselves lucky 🙂
OK.. So here is my problem.... I have a web site which publishes pictures (about 10,000 to 40,000) (and no they aren't porn)... The files are stored in a single directory, (or maybe a tree structure of directories) I only want people to access the files via the web pages, and not by browsing directly to the indivdual pictures, if they know the name of the file (maybe from a prior visit or by interpolation) they have access to it.... How do I prevent this... Here are some thoughts.... (BTW, I'm using sessions to maintain security to the actual web pages not 404 Authorization)
1) Keep all images in a database (Is this really all that inefficient, everyone says it is, but I don't see benchmarks, the database size would be about 600 megs if stored there)
2) Use a MD5 name for all the files, and hopefully it would be very hard to people to figure out the names... But the problem here is that they could access the files if they knew the name from a previous visit, and those long names are being stored somewhere.... seems inefficient...
3) Write a function to display the the image, so the user never knows the name.. i.e. imgsrc=getpic.php?index=5 ..... The problem here might that it would be slow (like the database solution) and also it seems like I might have caching issues....
Thanks for any input...
Joe
