blocking access to images

 
Greenhorn
Posts: 8
Hello,
I have an application where users upload images to the server. I am using Tomcat 4.1.27. The folder structure is as below:
webapp
|__application
   |__images
      |___data
      |___temp
Images uploaded by the user are temporarily stored under the webapps/application/images/temp folder. After processing the image, its preview is displayed to the user and once he submits the page, the image is copied with a different name to the data folder.
When the image preview is displayed, it is displayed using line
<IMG src="/application/images/temp/tempimagename.jpg" >
Now my problem is, I don't want the user to access any file under temp or data folder. If the user types such a url in the browser, he shouldn't be allowed to view the file.
http://url:port/application/images/temp/tempimagename.jpg or
http://url:port/application/images/data/imagename.jpg
At the same time, I have a functionality for the admin, where he will be displayed with the image as
<IMG src="/application/images/data/imagename.jpg" >
Is it possible to restrict the user? How can I block any direct access to the file?
Please help me ASAP.
Thanks in advance
Hemant.
 
Ranch Hand
Posts: 118
Please don't cross post both here and in the Tomcat forum.
It wastes space, time and resources.
/Peter
 
Ranch Hand
Posts: 331
place them under the web-inf directory
 
Rancher
Posts: 13459
You want images uploaded from users to be available to the admin, but not other users?
Placing them in the web-inf won't work, the admin won't be able to see them.
One option is to load them into a directory on the webroot that has some sort of protection (BASIC authentication is the easiest).
If you already have some security built-in you could also save the images off the webroot and serve them using a custom Servlet which checks user privileges. This is similar to the first, but is a little cleaner if you already have security enabled.
Dave
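
The off-webroot option described in the post above, as an added example that is not part of the original thread: a servlet that authorizes the request before streaming a file from a directory the container does not serve directly. The storage path, the "admin" role name and the "tempImage" session attribute (assumed to be set by the upload handler) are assumptions, and the code uses only the javax.servlet API and java.io so it also compiles on old JDKs.

```java
import java.io.*;
import javax.servlet.ServletException;
import javax.servlet.http.*;

// Added example: serves images stored outside the webroot after an access check.
public class ProtectedImageServlet extends HttpServlet {
    // Assumed storage root outside the web application; adjust to the deployment.
    private static final File BASE = new File("/var/appdata/images");

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String path = req.getPathInfo();          // e.g. /data/imagename.jpg
        // Authorize first, so unauthorized callers cannot probe which files exist.
        if (path == null || !isAllowed(req, path)) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Resolve the path and confirm it stays inside BASE (rejects ../ traversal).
        File base = BASE.getCanonicalFile();
        File target = new File(base, path).getCanonicalFile();
        if (!target.getPath().startsWith(base.getPath() + File.separator)
                || !target.isFile()) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        String type = getServletContext().getMimeType(target.getName());
        resp.setContentType(type != null ? type : "application/octet-stream");
        resp.setContentLength((int) target.length());
        // Keep protected images out of shared caches.
        resp.setHeader("Cache-Control", "private, no-store");
        InputStream in = new FileInputStream(target);
        try {
            OutputStream out = resp.getOutputStream();
            byte[] buf = new byte[8192];
            for (int n; (n = in.read(buf)) != -1; ) out.write(buf, 0, n);
        } finally {
            in.close();
        }
    }

    // Admins may read any image; other users only the temp file named in their own session.
    private boolean isAllowed(HttpServletRequest req, String path) {
        if (req.isUserInRole("admin")) return true;   // assumed role name
        HttpSession session = req.getSession(false);
        Object own = (session == null) ? null : session.getAttribute("tempImage");
        return own != null && path.equals("/temp/" + own);
    }
}
```

Mapped in web.xml to a pattern such as /img/* (an assumed mapping), the pages would reference /application/img/temp/tempimagename.jpg instead of the static path, and the temp and data folders would no longer exist under the webroot at all.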
 
Sheriff
Posts: 7001
Just in case anyone reads the above two messages and gets confused, remember that in most situations the name of the directory/folder WEB-INF is case sensitive. Please always use "WEB-INF", which is guaranteed to work, rather than "web-inf" which will only work in some cases.
Thanks.
 
Hemant Visal
Greenhorn
Posts: 8
Hello,
As this was my first post, I was not aware of cross posting issues. Henceforth I will take necessary care.
Thanks a lot.
 