j*****o Posts: 320 | 1 There are a bunch of JPG files under webroot/images/, all named in a very regular pattern:
webroot/imgaes/folderA/folderA001.JPG
webroot/imgaes/folderA/folderA002.JPG
...
webroot/imgaes/folderA/folderA00n.JPG
...
webroot/imgaes/folderB/folderB001.JPG
webroot/imgaes/folderB/folderB002.JPG
...
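The file names, paths and access permissions are all stored in the database and used by PHP. When an image
is displayed on the web page, the image name and path are visible.
Now I need to prevent unauthorized users from guessing image names and paths based on the file paths they already have.
The known approach is to encrypt the HTML with JavaScript, but that is not the best choice. Preferably also without
Flash/Java applets, without storing the images in the database, and without Apache's
htaccess.
Is there any other way? Thanks.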
m******t Posts: 2416 | 2
You can use php to serve the image files, instead of using static links.
Instead of putting the image file name in a link, put a random id, then in
your php program you can map that id to the actual file.
j*****o Posts: 320 | 3 I failed to do so. Do you know if there is a sample?
m******t Posts: 2416 | 4
I can't get you a sample right now even though I'm sure people are using this
technique all over the Internet. 8-)
The basic idea is to serve images dynamically just like you serve the pages.
j*****o Posts: 320 | 5 I finally got it. One PHP file should use GD to output a pure picture
stream, and another is used to display it.
In this way, web users will never find out where the pictures are stored.
c***r Posts: 4631 | 6
="../../../../imgserver/user/usr/bin/getImage.php?type=A&id=1&app=X&dir=0&user=ESDFA342WS2w3SW#6">
Then use your PHP to read the image file, with the folder information from type and
the file number 1. The others are just used to confuse crackers. And then just
output every byte from the image file. Remember to change the MIME type.
Don't just do a redirect; people could figure this out easily.
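Added example (not posted by anyone in the thread): a PHP handler for the approach in replies 2 and 6, where the link carries only a random id, the script maps it to the real file, checks the viewer's permission, and streams the bytes with the correct MIME type. The store path, ids, user names, the `user` session key and the array standing in for the database table are assumptions.

```php
<?php
// getImage.php - added example; paths, ids and user names below are constructed.
declare(strict_types=1);
session_start();

// Assumption: images are stored outside the webroot, so no static URL reaches them.
const IMAGE_STORE = '/var/data/images';

// Stand-in for the database table from the thread:
// random id => [path relative to IMAGE_STORE, users allowed to view it].
$images = [
    '9f2c4e7ab1d04c6e8a35f0b7c2d91e64' => ['folderA/folderA001.JPG', ['alice', 'bob']],
    '41d7a0c95be2438f96c1e3a8f5b20d7c' => ['folderB/folderB001.JPG', ['alice']],
];

// How such an id is issued when an image is registered: 128 random bits, hex-encoded.
function newImageId(): string { return bin2hex(random_bytes(16)); }

function notFound(): void { http_response_code(404); exit; }

$id = $_GET['id'] ?? '';
if (!is_string($id) || !preg_match('/\A[0-9a-f]{32}\z/', $id) || !isset($images[$id])) {
    notFound();
}
[$relative, $allowedUsers] = $images[$id];

// The random id only hides the naming scheme; the permission check does the access control.
// Unknown id and forbidden id get the same answer, so responses do not confirm valid ids.
$user = $_SESSION['user'] ?? null;
if (!is_string($user) || !in_array($user, $allowedUsers, true)) {
    notFound();
}

// Resolve the stored path and make sure it is still inside the image store.
$root = realpath(IMAGE_STORE);
$path = realpath(IMAGE_STORE . '/' . $relative);
if ($root === false || $path === false || strncmp($path, $root . '/', strlen($root) + 1) !== 0) {
    notFound();
}

// Send the bytes directly with the right MIME type; no redirect that would reveal the path.
header('Content-Type: image/jpeg');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

The page that displays the picture would then reference it as `getImage.php?id=<random id>`, so the regular folderA001-style names never appear in the HTML.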