PDA

View Full Version : How to protect photo folder with .htaccess ?

tommykjensen
31st of December 2004 (Fri), 11:56
I got my new hosting yesterday ( my original site got wiped out by the Santy worm so I decided to get a proffesional host).

My new host is running on linux and use apache so I now have the ability to use .htaccess but how can I achieve following:

- a script is used to display the photos
- the script read the photo from a folder
- individual users should not be allowed to view the photo by entering the full url to the folder where the photos are store

example:
to see photo: http://url.com/script.php?name=photo.jpg

the photo is stored in
http://url.com/hidden/photo.jpg

users must not be able to use the last url to view the photo only the first one.

Is this possible?
Pekka
31st of December 2004 (Fri), 12:23
Yes this can be done with Exhibit Engine 1.5 RC4. Give exhibition a password. In misc settings click a button "Localize files (using ftp, includes file name obfuscation)". This way each time image is viewed it is given a random filename and shown from temp folder. You can set a maximum number of files in that folder which means the oldest one is replaced when max number is reached. This way the images do not stay on the temp folder for long.

Technically this works so that each time the image is requested it is retrived by ftp from original path/server (ftp is used because EE can server images from multiple servers) and stored in temp with random filename. If the path is on localhost ftp is very fast, i.e. hardly noticeable.

PS. See http://photography-on-the.net/forum/showthread.php?t=51694 for tips how to secure your server against any worm.
tommykjensen
31st of December 2004 (Fri), 12:38
Thanks I will look closer at that when I get EE up and running again. But for now I just have the simple script that I use for direct linking and it is for that I am looking for a way to prevent access to the photo folder.

As for security, I have full confidence that the provider I have choosen will ensure security is at top level.

On the new host I am not going to install phpBB (or vBulletin for that matter ;) )
Scottes
31st of December 2004 (Fri), 12:47
http://photography-on-the.net/forum/showthread.php?t=15632&highlight=.htaccess

Maybe?
tommykjensen
31st of December 2004 (Fri), 12:53
http://photography-on-the.net/forum/showthread.php?t=15632&highlight=.htaccess

Maybe?

Maybe, I will check that out.