I keep a unique 'filestamp' in the database under each customer-- a 32-digit
randomly-generated number that then can be used either as a part of image
filenames, or as a directory name which contains a customer's images.  

That way, in order for one customer to see another's images, they'd either 
have to watch over the other customer's shoulder and write down the filestamp,
or they'd have to make a really good guess  ;)

todd

On Tue, 11 Sep 2001, will trillich wrote:

> y'all seem to have some clever brains out here, so i'm wondering
> if some of you can offer suggestions--
> 
> what's a good clean way to keep images private per customer?
> 
> i'm using mod_perl and HTML::Mason with session cookies, but
> coming up with a paradigm for storing and revealing images
> privately has got me a bit flummoxed.
> 
>       mr. smith has pix which he can see when he logs in to the
>       website, and mr. brown has pix of his own, but neither can
>       see the other's images. each customer can have two levels of
>       imagery (main images/subsidiary images).
> 
> i could have a handler intercept image requests and deny access
> if session->user isn't valid ... should i just make an apache
> alias to handle images as if they're from a certain subdir? and
> then use mod_perl to redirect the requests to the actual images
> internally?
> 
> or actually store the images in actual subdirs of the
> documentroot?
> 
> is there a better/faster/cheaper way?
> 
> i'm sure there's more than one way to do this -- and before i
> take the likely-to-be-most-circuitous route, i thought i'd
> cull advice from the clever minds on this list...
> 
> 
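
Added example, not code from either poster: a plain-Perl sketch that combines the random per-customer filestamp from the reply with the session check from the question. The names %stamp_of, new_filestamp and authorize_image, the /images/<filestamp>/(main|sub)/<file> layout, and the customer names as logins are assumptions; the login is assumed to come from the server-side session.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data: login -> per-customer directory token ("filestamp").
# Hypothetical stand-in for the column kept in the customer database.
my %stamp_of = (
    smith => new_filestamp(),
    brown => new_filestamp(),
);

# 32 hex characters (128 bits) read from the kernel CSPRNG, not rand().
sub new_filestamp {
    my $bytes = '';
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, $bytes, 16) == 16 or die "short read from urandom";
    close $fh;
    return unpack 'H*', $bytes;
}

# Decide an image request. $user is the login from the session (undef if
# not logged in); $uri is the requested path. Returns an HTTP status.
sub authorize_image {
    my ($user, $uri) = @_;
    return 403 unless defined $user && exists $stamp_of{$user};
    # Strict shape only: no "..", no extra slashes, no unexpected extensions.
    my ($stamp, $level, $file) = $uri =~
        m{\A/images/([0-9a-f]{32})/(main|sub)/([A-Za-z0-9_-]+\.(?:jpg|png|gif))\z}
        or return 404;
    # Ownership check: the token in the path must be the caller's own.
    return $stamp eq $stamp_of{$user} ? 200 : 403;
}

# Constructed requests exercising each outcome.
my @cases = (
    [ 'smith', "/images/$stamp_of{smith}/main/house.jpg" ],     # own image
    [ 'smith', "/images/$stamp_of{brown}/main/house.jpg" ],     # other customer's token
    [ undef,   "/images/$stamp_of{smith}/sub/porch.png" ],      # no session
    [ 'smith', "/images/$stamp_of{smith}/main/../brown.jpg" ],  # traversal-shaped path
);
for my $c (@cases) {
    printf "%-7s %s\n", $c->[0] // '(none)', authorize_image(@$c);
}
```

With the session comparison in place, a filestamp that leaks through a copied URL, a Referer header or a proxy log is not enough on its own to fetch the image.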
