Hi Philip, On 10 Jan 2004 at 12:42, Philip J. Newman wrote:
> I want to store some images outside the /public_html/ how ever my isp > has decided that i'm not aloud to write files in that area. Would the > next best solution that wold be as secure to maybe put them in a folder > with a .htaccess file in it? You could use an htaccess file, but: (a) the Apache web server must be configured to allow htaccess to over-ride authentication settings (which, from what you've told us, is something you'll have no control over); (b) you'd need to upload an htpasswd file containing username and passwords pairs to the webserver, but wouldn't be able to save it to an off-web directory; and (c) the htaccess file would prevent your own scripts from accessing the image files, which would mean that the user viewing a page with a protected image would need to type a username and password in order for the image to be displayed. Doesn't sound like the best solution to me. Do you have access to a database? One solution would be to store all images on a database and have the image files generated dinamically via PHP. That would imply in some overhead, but it would be fairly secure. If you like the idea, let me know and I'll tell you how I've implemented it in the past. Another much more complicated solution would be to rename your image files with a PHP extension (thus protecting their contents) and create a script to read these files, extract their contents and create temporary PNG/JPG/GIF files on the fly. Good luck, Erik -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php