CODEWITHSUNDEEP
php.htaccess
assaqqaf
assaqqaf

Reputation: 1585

What is the best method to hide a file on a server?

I am going to make an image hosting system in PHP. I wondered how I should hide my images from users so they can only be accessed through a special url.

I need to discuss all techniques that include htaccess.

Upvotes: 1

Views: 675

Answers (6)

ldog
ldog

Reputation: 12151

I think the best method would be to encrypt it.

Upvotes: -1

Sabeen Malik
Sabeen Malik

Reputation: 10880

i would prefer that instead of having a PHP process send the file and hog server resources for long while its sending the content.. create a script which copies the file over to a directory with a random name and then just send that file to the user and have another script clear out that directory after set intervals .. if creation time older than 30 mins .. delete .. that way u minimize u just need an apache process to send back the file instead of apache + php process.

Upvotes: 1

Mike C.
Mike C.

Reputation: 4977

Put the files outside of the relative root and use a script like showimage.php to grab the file from outside of the webroot and stream it down to the user. The code would look something like:

$len = filesize($filename);
header("Content-type: image/jpeg");
header("Content-Length: $len");
header("Content-Disposition: inline; filename=\"$new_filename\"");
readfile($filename);

Additionally, since you're running a script, you can do authentication/authorization in the script. This allows you to set up a modRewrite rule such as:

RewriteRule ^images/(.*)$   /showimage.php?file=$1

so that your image files could be rendred as:

www.domain.com/images/somefile.jpg

instead of:

www.domain.come/showimage.php?file=somefile.jpg

Upvotes: 8

brianreavis
brianreavis

Reputation: 11546

Put them in a directory one-up from your document root. Then, use an .htaccess file to grab them:

RewriteBase /
RewriteRule ^(.+?)\.jpg$ ../imgs/$1.jpg

Upvotes: 0

Seth
Seth

Reputation: 46443

Just don't store your images in the web root. Use a php file to manage access. When you want to show a file, do something like: 

<?php
header('Content-type: image/jpeg');
$f = file_get_contents('path/to/image.jpg');
print $f;
?>

Upvotes: 3

innaM
innaM

Reputation: 47869

You write a little php script that reads the image file and sends the contents to the client. The PHP script can check its parameters and cookies and the image is saved somewhere outside the document root.

Upvotes: 3

Related Questions