I've never done any binary object storage in a database either, so I'm
not definitively saying this is the answer...merely an avenue to
explore.

Your assumption is that there will be a get_image.cfm?id=xx page...I'm
not suggesting that.  I'm suggesting a pagename.cfm (whatever page
name) that contains a query (or returns a query via CFC...not trying
to get tied up in an architecture debate)... queryname.image[n] would
return the specific image to display (where 'n' is the row number of
the query).  so <img src="#queryname.image[n]#" /> wouldn't reveal
anything in particular, and wouldn't necessarily make it accessible to
simply modifying URL vars to return a specific image.

(ps...i realize that notation is not 100% correct or complete...i
think there's some sort of conversion that needs to be done on the
binary image data to convert it back to an actual usable image
object...but I still think it's an option worth looking into) :)

On 7/21/06, Ben Nadel <[EMAIL PROTECTED]> wrote:
> Even if you store the images in the database, it's still a matter of naming
> conventions....
>
> Get_image.cfm?id=49
>
> Is no more secure than
>
> Images/49.jpg
>
> Database or not, the file name has to be obfuscated if they don't want
> people guessing access to other people's images.
>
> I don't know very much about storing stuff in databases, but either way, the
> "look up" action needs to be hard to guess.
>
> .......................
> Ben Nadel
> www.bennadel.com
>
> -----Original Message-----
> From: Charlie Griefer [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 21, 2006 9:38 AM
> To: CF-Talk
> Subject: Re: hiding an image path
>
> i know there have been heated discussions about the overhead (or lack
> thereof) of storing actual images in the database...but could that be an
> option to try?
>
> On 7/21/06, Ben Nadel <[EMAIL PROTECTED]> wrote:
> > What if you use a UUID to name the files and that way even if the user
> > knows the directory, they will never guess FILE NAMES.... And
> > hopefully you have directory browsing turned off so they cannot view a
> > list of files... I mean, what does it matter if they know the
> > directory if they can't know the file names.
> >
> > .......................
> > Ben Nadel
> > www.bennadel.com
> >
> > -----Original Message-----
> > From: Dave Lyons [mailto:[EMAIL PROTECTED]
> > Sent: Friday, July 21, 2006 4:01 AM
> > To: CF-Talk
> > Subject: Re: hiding an image path
> >
> > James,
> > I'll give that a go, i thought about it before but was a lil worried
> > about performance doing that. thanks
> >
> > Michael,
> > That's not a real possibility because those same images will be
> > constantly viewed by hundreds of continuous users 24x7 (hopefully), so
> > I can't be moving and deleting them all the time it would be murder on the
> > server.
> >
> > They are basically preview photos that are pulled from the members
> > section and I don't want to give away the path even though you have to
> > be logged in to get into that folder. But as I am making this section
> > I think I might just do it a different way and then I won't have to worry
> > about it.
> >
> 
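
One way to combine the points raised in this thread (images held in the database, looked up by a hard-to-guess value instead of a sequential id), as an added example that is not code from any of the posters. The table `member_images`, its columns `public_token`, `image_data` and `mime_type`, the datasource `myDSN` and the `session.memberId` login flag are all assumptions, as is session management being enabled for the application.

```cfm
<!--- get_image.cfm (added example). Table "member_images", its columns,
      datasource "myDSN" and session.memberId are assumed names. --->
<cfparam name="url.token" type="string" default="">

<!--- Require a logged-in session before doing any lookup, so the
      token is never the only thing protecting the image. --->
<cfif NOT structKeyExists(session, "memberId")>
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<!--- Accept only a ColdFusion-format UUID, i.e. a value that was
      generated with CreateUUID() when the image row was inserted. --->
<cfif NOT isValid("uuid", url.token)>
    <cfheader statuscode="404" statustext="Not Found">
    <cfabort>
</cfif>

<!--- Look the image up by its random token, never by the sequential
      row id; cfqueryparam keeps the value out of the SQL text. --->
<cfquery name="getImage" datasource="myDSN">
    SELECT image_data, mime_type
    FROM   member_images
    WHERE  public_token = <cfqueryparam value="#url.token#"
                                        cfsqltype="cf_sql_varchar"
                                        maxlength="35">
</cfquery>

<!--- Same response for "no such token" as for a malformed one. --->
<cfif getImage.recordCount NEQ 1>
    <cfheader statuscode="404" statustext="Not Found">
    <cfabort>
</cfif>

<!--- cfcontent with the "variable" attribute sends the binary column
      as the response body, which is the conversion step the page
      needs to turn stored bytes back into a displayable image. --->
<cfcontent type="#getImage.mime_type#" variable="#getImage.image_data#" reset="true">
```

A listing page would then emit `<img src="get_image.cfm?token=#queryname.public_token#" />`, so neither a file path nor a row id appears in the markup.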

Archive: http://www.houseoffusion.com/cf_lists/message.cfm/forumid:4/messageid:247276