[Last Call] Learn how to a build a cloud-first strategyRegister Now


Preventing access to images

Posted on 2011-04-28
Medium Priority
Last Modified: 2012-05-11
I know how to code to  restrict access to php pages, but I am wondering how to prevent images being download, if someone knows the path (without going via the web app).

I want to make sure only my registered users with the right credentials can access them, but restrict others from accessing them with the path.

I am not concerned about the authorised users, with the correct credentials from accessing or even downloading them.  I just want to make sure for security reasons, that they cannot be accessed unless the person has the correct credentials.

I would appreciate advice here.  I am not sure if this needs to be done at the server level or the app level.
Question by:debbieau1
LVL 40

Assisted Solution

mrjoltcola earned 600 total points
ID: 35488426
You can setup an Apache authentication module to protect directories.

Or you can create a PHP image handler that serves up all images. So all links woudl change from /images/foo.jpg to /php/getImage/foo.jpg

I'd go with the first option for performance reasons, but it all depends on how you do your authentication at this point. There are a lot of auth modules out there, ranging from the simplest mod_auth which uses password files, to database access or ldap access (for example mod_auth_mysql)
LVL 111

Assisted Solution

by:Ray Paseur
Ray Paseur earned 600 total points
ID: 35491998
The problem with leaving the image in a folder that can be accessed by a web browser is that the image can be "accidentally" discovered.  You can move the images outside the WWW directory tree and use a script to render them on the browser screen for authorized clients.  The script would check client authentication/login status, then issue the appropriate headers and read-regurgitate the image contents into the browser output stream.
LVL 26

Accepted Solution

arober11 earned 800 total points
ID: 35496377

If you decide to use Apache as the control mechanism, then the following article may be of some use: http://www.experts-exchange.com/A_3270.html

Author Closing Comment

ID: 35498736
Thanks everyone they were all very useful

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses how to implement server side field validation and display customized error messages to the client.
This post looks at MongoDB and MySQL, and covers high-level MongoDB strengths, weaknesses, features, and uses from the perspective of an SQL user.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses
Course of the Month18 days, 10 hours left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question