Hello, I have a application where users upload images to the server. I am using Tomcat 4.1.27. The folder structure is as below : webapp |__application |__images |___data |___temp Images uploaded by user are temporarily stored under webapps/application/iamges/temp folder. After processing the image, its preview is displayed to the user and once he submits the page, the image is copied with a different name to the data folder. When the image preview is displayed, it is displayed using line <IMG src="/application/images/temp/tempimagename.jpg" > Now my problem is, I don't want the user to access any file under temp or data folder. If the user types such a url in the browser, he shouldn't be allowed to view the file. http://url ort/application/images/temp/tempimagename.jpg or http://url ort/application/images/data/imagename.jpg At the same time, I have a functionality for the admin, where he will be displayed with the image as <IMG src="/application/images/data/imagename.jpg" > Is it possible to restrict the user? How can I block any direct access to the file. Please help me ASAP. Thanks in advance Hemant.
Joined: Nov 08, 2001
Are you askig you want to block direct linknig to a file? If you want to do this you are going to have to play with .htaccess files on your server that limit what domain the images can be displayed for. Eric
Author and all-around good cowpoke
Joined: Mar 22, 2000
If you use a servlet to serve the images, and store the images outside the directory system the web server is allowed to serve from (for example, under WEB-INF) your problem is solved. Your servlet can handle any security precautions with ease. Bill
Hemant, welcome to the Range. Be advised that cross-posting the same question in multiple forums is a no-no. Please pick one forum that you feel is best for your post. If you guess wrong, not to worry; one of the friendly neighborhoos bartenders will move the errant post for you. thanks, bear