hockey97 Posted November 6, 2015 Share Posted November 6, 2015 Hi, I have see websites like mega_upload. Where when you upload something they generate a URL customized for that individual. For example : people that use paypal to sell digital products. They have a PHP script where once after payment their server generates a customized URL to the file. This URL expires in a given week. If you didn't download it by then. You would need to pay again. Which would generate another customized URL. I have a website that has images and I want more security around images. I don't want the end user to clearly or easily know where the source is by looking the the webpages source code. I currently have a php file that grabs the image and renders it. This can prevent hot linking to a image and other stuff like un-authorized access to the images. However,this image still gets shared to authorized people. I just want to give the user more control over how the image can be used. I don't want people to easily download a copy of the image. If they know the source they can easily just download the image. I was told that I need to create a PHP script and uses apaches rewrite. The PHP file will grab all images and render them. I can then use this url as the images source. It gives me that 2 layer security where only authorized users can access them and the URL changes every time you load a page. So, you cannot know the original link. I plan to have a feature where the user can permit another user to download certain photos. I just want to add more security on images to prevent people from getting cyber bullied or other nasty things from the internet. Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted November 6, 2015 Share Posted November 6, 2015 First off: If the images can lead to cyber-bullying, they don't belong on a webserver at all. No matter how many PHP scripts you put in front of them, that doesn't change the fact that they can eventually be accessed and shared via a standard URL. So don't put too much expectations into your access script (the same is true for your hotlinking check, by the way). At best, you can try to make the images a bit less public. Set up a secure random number generator. For example, use bin2hex(openssl_random_pseudo_bytes(16)) to generate random tokens. Create a table which maps tokens to images and stores additional information like the expiry date. Hand out share links to the image owner. For example: https://images.yoursite.com/token=d4261fb9af53989d2c8d55caa4bd812c In your access script, look up the token, check the expiry date, and if everything is OK, display the image (if performance is a concern, use the Sendfile mechanism rather than loading the file into PHP). // I'll move your topic to the PHP section, because this doesn't really have anything to do with Apache. 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.