Image security. Image view prevention from unwanted users?

[TC]

Hello.

I’m working on an image gallery.

Is there any way to only allow certain people to see the images and not everyone else on the net?

For example,

• un-authorized users could enter the url of the images to see them.
  They can either guess the url, use a program to try random combinations or even be given it from an authorized user.

• Bots scanning the net could see the images then copy them.

What is the best way to only allow authenticated users to see the images and prevent everyone else on the net from being able to see them?

Thanks.

[__]

What is the best way to only allow authenticated users to see the images

Authenticate your users. Once that’s done, serve them the image.

You’d need to write a separate script for serving the images, rather than allowing Apache/whatever server you use handle it normally. If you’re using PHP, look into using header to set the appropriate http headers, and readfile for actually serving the file.

This is a basic example of the mechanics, but keep in mind there are also security concerns. Doing this sort of thing can open you up to all kinds of vulnerabilities. If you don’t know what you’re doing, you can allow an attacker to gain total control of your site — so do your homework first. Ask if you have any specific questions.

[Author]

Posts