Protecting client art images

design

#1

I’m working on a site for a printing company, which includes art uploading for client artwork.

I would like to put this artwork somewhere where it can’t be directly accessed. I had set up the site in a ‘public’ folder inside my domain folder, and re-pointed the domain to that public folder, thinking I could put my ‘clientArt’ folder outside the public folder so it wouldn’t be directly accessible. That works so far as being able to upload art there, but I can’t seem to display thumbnail images contained there on my pages.

I don’t want anyone to be able to see these client images except for within the context of the site pages. Is there some other way I can achieve this?

Thanks


#2

What is the “context of the site pages”?

If you only want clients to be able to see the images, you can protect them by placing them in a password-protected directory (Apache authentication using .htaccess).

If you want the public to be able to see the images, but only from within your site, you can test for a referrer and allow or deny access as appropriate, which will prevent “hotlinking” and provide a degree of protection from “direct access”.

That said, if you do allow the “public” to “see” the images, then you ultimately cannot control them, or the context in which they may end up appearing … such is the nature of the web. :wink:

–rlparker


#3

By “within the context of the site pages” I mean there is a registered customer area (it’s a Joomla site), where the customer should be able to see thumbnails, etc. of their own art files.

What I’m trying to avoid is just anybody being able to go to www.mysite.com/clientArt/someclient/someprivateimage.png and see some other client’s artwork.

Granted, there’s some protection already in my file structure… you would have to know the clientId and the name of the artwork to find the files to begin with.

I think what I might do is generate the thumbnails on the fly, via php and imagemagick, in which case I would be able to put the files in a directory below the public area. That would also relieve the number of thumbnail files I’d need to manage, but might slow down the page display in the process.

Testing for a referrer might work just as well, though I don’t know how to set that up… is that also an .htaccess function?

What about just adding a redirect in my site .htaccess where www.mysite.com/clientArt would just redirect to the site index? Would that work, or would it also prevent those images from being displayed on the pages where they’re needed?

I appreciate your help


#4

Yep - http://wiki.dreamhost.com/KB_/Unix/_.htaccess_files#Prevent_Image_Hot_Linking should get you started.

Depending upon how you implement that it could work, though it could also interfere with your normal Joomla! navigation.

You might consider investigating some of the Joomla! gallery extensions that allow a user to have a private gallery, since you are using Joomla.

–rlparker
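
The approach raised in post #3 (keep `clientArt` outside the public folder and let PHP hand out the images) can enforce per-client access, as in this added example, which is not code from any poster in the thread. It assumes a hypothetical script such as `art.php` in the public folder, art stored as `clientArt/<clientId>/<file>` one level above it, and a login step that has already stored the customer's numeric id in `$_SESSION['client_id']`; it streams the stored file, and on-the-fly thumbnail generation would replace the final `readfile()` call.

```php
<?php
// Added example: serve a client's image from a folder outside the web root.
// Assumptions (hypothetical): art lives in ../clientArt/<clientId>/, and the
// login code has stored the customer's numeric id in $_SESSION['client_id'].

const ART_ROOT = __DIR__ . '/../clientArt';

/** Return the real path of the requested file, or null if it is not allowed. */
function resolveArtPath(string $artRoot, int $clientId, string $name): ?string
{
    // Accept a bare file name only: no directory parts, known image extensions.
    if (!preg_match('/^[A-Za-z0-9_-][A-Za-z0-9._-]*\.(png|jpe?g|gif)$/i', $name)) {
        return null;
    }
    $base = realpath($artRoot . '/' . $clientId);
    $path = realpath($artRoot . '/' . $clientId . '/' . $name);
    // realpath() resolves symlinks and "..": the result must stay in the client's folder.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

session_start();
if (empty($_SESSION['client_id'])) {
    http_response_code(403);   // not logged in: no image, no hint about what exists
    exit;
}
// The client id comes from the session, never from the URL, so one customer
// cannot request another customer's folder by editing the address.
$path = resolveArtPath(ART_ROOT, (int) $_SESSION['client_id'], (string) ($_GET['file'] ?? ''));
if ($path === null) {
    http_response_code(404);
    exit;
}
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
header('Content-Type: ' . $mime);
header('Content-Length: ' . filesize($path));
header('Cache-Control: private, max-age=300');   // keep shared caches from storing it
header('X-Content-Type-Options: nosniff');
readfile($path);
```

A page in the customer area would then reference an image as `art.php?file=logo.png`; unlike a referrer test, the check depends on the logged-in session rather than on a header the browser supplies.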