Hello, I have a application where users upload images to the server. I am using Tomcat 4.1.27. The folder structure is as below : webapp |__application |__images |___data |___temp Images uploaded by user are temporarily stored under webapps/application/iamges/temp folder. After processing the image, its preview is displayed to the user and once he submits the page, the image is copied with a different name to the data folder. When the image preview is displayed, it is displayed using line <IMG src="/application/images/temp/tempimagename.jpg" > Now my problem is, I don't want the user to access any file under temp or data folder. If the user types such a url in the browser, he shouldn't be allowed to view the file. http://url ort/application/images/temp/tempimagename.jpg or http://url ort/application/images/data/imagename.jpg At the same time, I have a functionality for the admin, where he will be displayed with the image as <IMG src="/application/images/data/imagename.jpg" > Is it possible to restrict the user? How can I block any direct access to the file. Please help me ASAP. Thanks in advance Hemant.
Joined: Jul 02, 2001
Please don't cross post both here and in the Tomcat forum. It wastes space, time and resources. /Peter
You want images uploaded from users to be available to the admin, but not other users? Placing them in the web-inf won't work, tha admin won't ba able to see them. One option is to load them into a directory on the webroot that has some sort of protection (BASIC authentication is the easiest). If you already have some security built-in you could also save the images off the webroot and serve them using a custom Servlet which checks user priveledges.This is similar to the first, but is a little cleaner if you already have security enabled. Dave
Joined: Jan 07, 1999
Just in case anyone reads the above two messages and gets confused, remember that in most situations the name of the directory/folder WEB-INF is case sensitive. Please always use "WEB-INF", which is guaranteed to work, rather than "web-inf" which will only work in some cases. Thanks.