This has probably been asked before. Apologies if so, I didn't see anything
close enough.

This exact scenario is a bit different and more complicated than this, but
if this problem can be solved, I can work out the rest.

Say I want people to upload images using html:file, and have implemented
that successfully.

Now people get to view images (login role and other things determine what
images they get to see).

But how to protect those files from unauthorized viewing?

I could store the images in BLOBs in the database. That would achieve
security... But if I do that, how do they get to the user using the img tag?
Utter guess: This is how the action attribute on the tag works, and I'd write
the file to the output stream in an action??? I can't imagine that this
would be the right answer (HTML source would then look like... I have
absolutely no idea).

Alternatively, say I don't want to store them as BLOBs, and just use the
file system. How do I keep people from potentially pointing their browsers
at the right URL and viewing files they aren't entitled to see?

How does one build security onto this type of app?

TIA

-Joe
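
The approach guessed at in the question, an action that checks the caller's role and then writes the image to the output stream, sketched as an added example that is not part of the original post. It assumes Struts 1 with container-managed login (so `isUserInRole` works); the class name, the `/image.do` mapping, the storage directory and the sample metadata are all hypothetical.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

// Hypothetical action mapped to /image.do; pages use <img src="image.do?id=1001">.
public class ImageAction extends Action {
    // Assumption: uploads are kept outside the web root, so no URL maps to them.
    private static final Path STORE = Paths.get("/var/app/images");

    // Constructed sample metadata; a real app would read this from its database.
    private static final class Image {
        final String file, type, role;
        Image(String file, String type, String role) { this.file = file; this.type = type; this.role = role; }
    }
    private static final Map<String, Image> IMAGES = Map.of(
        "1001", new Image("a91f.png", "image/png", "staff"),
        "1002", new Image("c07e.jpg", "image/jpeg", "admin"));

    @Override
    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) throws Exception {
        String id = request.getParameter("id");
        // The client supplies only an opaque id, never a file name or path.
        Image img = (id == null) ? null : IMAGES.get(id);
        // Same 404 for "no such image" and "not entitled", so ids reveal nothing.
        if (img == null || !request.isUserInRole(img.role)) {
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return null;
        }
        // Defence in depth: the stored name must still resolve inside STORE.
        Path path = STORE.resolve(img.file).normalize();
        if (!path.startsWith(STORE) || !Files.isRegularFile(path)) {
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return null;
        }
        response.setContentType(img.type);
        response.setHeader("Cache-Control", "private, no-store"); // keep out of shared caches
        Files.copy(path, response.getOutputStream());
        return null; // response already written, so there is nothing to forward to
    }
}
```

The same check works when the bytes come from a BLOB column instead of the file system: only the final copy step changes, while the id lookup and role test stay in front of it.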


