[nycbug-talk] direct file access denied via htaccess

Francisco Reyes lists
Wed Jun 15 21:19:35 EDT 2005


On Wed, 15 Jun 2005, Isaac Levy wrote:

> In a big-picture nutshell, I'm sad to report you cannot both provide access 
> and deny access to the image files- the usual suite of obfuscation tricks are 
> trivially bypassed by anyone who wants the images and has 20 minutes to spare 
> figuring it out.

Not sure if this is possible, but....
How about having them in a directory outside the "root" for the domain and 
have PHP get them..

ie
document root /usr/local/www/somedomain

images in
/usr/local/www/somedomain-pics

PHP would have to send the HTTP requests for the images though..




More information about the talk mailing list