Okay, the action attribute was actually the obvious choice (matching the same attribute on the link tag).
So how does one do this? > -----Original Message----- > From: Joe Hertz [mailto:[EMAIL PROTECTED] > Sent: Sunday, September 12, 2004 6:56 PM > To: 'Struts Users Mailing List' > Subject: Protecting files question > > > This has probably been asked before. Apologies if so, I > didn't see anything > close enough. > > This exact scenario is a bit different and more complicated > than this, but > if this problem can be solved, I can work out the rest. > > Say I want people to upload images using html:file, and have > implemented > that successfully. > > Now people get to view images (login role and other things > determines what > images they get to see). > > But how to protect those files from unauthorized viewing? > > I could store the images in BLOB's in the database. That would achieve > security...But If I do that, how do they get to the user > using the img tag? > Utter guess: This how the action attribute on the tag works, > and I'd write > the file to the output stream in an action??? I can't imagine > that this > would be the right answer (html source would then look like...I have > absolutely no idea) > > Alternatively, say I don't want to store them as BLOB's, and > just use the > file system. How do I keep people from potentially pointing > their browsers > at the right URL and viewing files they aren't entitled to see? > > How does one build security onto this type of app? > > TIA > > -Joe > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]