Even if you store the images in the database, it's still a matter of naming
conventions....

Get_image.cfm?id=49

Is no more secure than

Images/49.jpg

Database or not, the file name has to be obfuscated if they don't want
people guessing access to other people's images. 

I don't know very much about storing stuff in databases, but either way, the
"look up" action needs to be hard to guess. 

.......................
Ben Nadel 
www.bennadel.com

-----Original Message-----
From: Charlie Griefer [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 21, 2006 9:38 AM
To: CF-Talk
Subject: Re: hiding an image path

I know there have been heated discussions about the overhead (or lack
thereof) of storing actual images in the database...but could that be an
option to try?

On 7/21/06, Ben Nadel <[EMAIL PROTECTED]> wrote:
> What if you use a UUID to name the files and that way even if the user 
> knows the directory, they will never guess FILE NAMES.... And 
> hopefully you have directory browsing turned off so they cannot view a 
> list of files... I mean, what does it matter if they know the 
> directory if they can't know the file names.
>
> .......................
> Ben Nadel
> www.bennadel.com
>
> -----Original Message-----
> From: Dave Lyons [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 21, 2006 4:01 AM
> To: CF-Talk
> Subject: Re: hiding an image path
>
> James,
> I'll give that a go, I thought about it before but was a lil worried
> about performance doing that. thanks
>
> Michael,
> That's not a real possibility because those same images will be
> constantly viewed by hundreds of continuous users 24x7 (hopefully), so
> I can't be moving and deleting them all the time it would be murder on the
> server.
>
> They are basically preview photos that are pulled from the members
> section and I don't want to give away the path even though you have to
> be logged in to get into that folder. But as I am making this section
> I think I might just do it a different way and then I won't have to worry
> about it.
>
>
>
> 
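
An added example, not part of the original thread and written in Python rather than ColdFusion: it compares how many neighbouring lookup values resolve when images are named by sequential id (the `Get_image.cfm?id=49` / `Images/49.jpg` case) versus by random UUID. The store layout and the function names `add_image`, `resolve` and `count_guess_hits` are assumptions made for illustration.

```python
import uuid

# Constructed sample data: five images named by sequential id
# (the Get_image.cfm?id=49 / Images/49.jpg case from the thread).
SEQUENTIAL = {str(n): f"images/{n}.jpg" for n in range(47, 52)}
RANDOM_NAMED = {}  # filled below with UUID-named images


def add_image(store):
    """Register an image under a version 4 (random) UUID and return the token.

    uuid4() carries 122 random bits taken from os.urandom. Version 1 UUIDs
    are built from a timestamp and node id, so they are not a substitute.
    """
    token = uuid.uuid4().hex
    store[token] = f"images/{token}.jpg"
    return token


def resolve(store, token, logged_in):
    """Return the image path for a lookup value, or None when refused."""
    if not logged_in:            # the thread's folder requires a login
        return None
    if not token.isalnum():      # rejects "../49", "49.jpg", ""
        return None
    return store.get(token)


def count_guess_hits(store, guesses, logged_in=True):
    """Count how many guessed lookup values resolve to a real image."""
    return sum(resolve(store, g, logged_in) is not None for g in guesses)


# Someone who has seen id 49 can simply try the neighbouring numbers.
NEIGHBOURS = [str(n) for n in range(1, 101)]
TOKENS = [add_image(RANDOM_NAMED) for _ in range(5)]

if __name__ == "__main__":
    print("sequential hits:", count_guess_hits(SEQUENTIAL, NEIGHBOURS))
    print("uuid-named hits:", count_guess_hits(RANDOM_NAMED, NEIGHBOURS))
    print("known token resolves:", resolve(RANDOM_NAMED, TOKENS[0], True))
```

The same comparison holds whether the lookup value is a query-string id served from a database or a file name on disk, which is the point made in the top message.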



Archive: 
http://www.houseoffusion.com/cf_lists/message.cfm/forumid:4/messageid:247273