authenticating a media folder

Results 1 to 3 of 3

Thread: authenticating a media folder

  1. #1
    paricklocke Guest

    Default authenticating a media folder

    If I have a folder... in this case a media folder with db created buch of thumbnail files named 1.jpg, 2.jpg etc....<BR>I want to call those images up in a page... however i don&#039;t want the non-authenticated user to be able to access the directory directly, or any other way... ie http://url/1.jpg, so on...<BR><BR>so is there a way to set a username and password as a glabal variable and then pass it to allow a page to pull media from a folder?<BR><BR>is this even the right approach.. <BR>I made a page that streams the files so the end user could not see the file path but... this seemed expensive for 100 plus media files at a time..

  2. #2
    Join Date
    Dec 1969

    Default A toughie...well...maybe not...

    Too bad you aren&#039;t using ChiliSoft ASP on Unix or Linux where it would be easy: For each user, you&#039;d create a directory with the user&#039;s SessionID or something suitably encoded into a random string and then point them at that directory. The directory would *actually* be simply a "Symbolic Link" (like an MS shortcut, but something that is built into the file system, instead of being the hack that MS has put in), so the overhead of creating and destroying one would be miniscule.<BR><BR>Sigh.<BR><BR>Oh! Hey! Even if you wanted to serve up the main pages via IIS ASP, you could perhaps serve up the images from a unix host and pull this, couldn&#039;t you? Hmmm... It would take a minor component running on the ASP machine to go over to the unix box and create/destroy the symbolic links. Hmmm...<BR><BR>Anyway, short of that...<BR><BR>So how about this: Surely you don&#039;t care if they can see the thumbnails, since you are already showing them in the web page, yes? So don&#039;t have any logical connection between the thumbnail name and the large image name. Use a DB to make the connection and instead of doing &#060;A HREF="big1.jpg"&#062;&#060;IMG SRC="tn1.jpg"&#062; you do something like &#060;A HREF="showpic.asp?which=1"&#062;&#060;IMG SRC="tn1.jpg"&#062; and then the ASP page, *if* the user is authenticated, serves up the HTML page with &#060;IMG SRC="bigXXZYQ14.jpg"&#062; ... that is, a name that has no logical connection to the number (heck, you could even rename all the files once a day or so?) so even knowing the directory wouldn&#039;t help a user to guess the file name.<BR><BR>Anyway, you put *only* the thumbnails (named simply "1.jpg", etc.) into one directory, so who cares if the user can see all them? And then you play the other games.<BR><BR>You *COULD* even use the FileSystemObject to copy the requested image (after authentication) into a custom directory created just for this user and then destroyed on session end (or sooner?). Or into a custom file name. Or or or... At least this way you are copying only *requested* (and authenticated) files, instead of all the thumbnails on every hit, good or bad.<BR><BR>Ah, well...<BR><BR>No great ideas there. Just more ideas to toss around.<BR><BR>

  3. #3
    patricklocke Guest

    Default RE: A toughie...well...maybe not...

    Thanks Bill,<BR><BR>I did the approach &#060;Img src=showfile.asp?id=9&#062;<BR>i wrote show file two different ways, one to stream the file from the file, the second streams it from the database.<BR><BR>I just wonder how expensive it is to be doing this this way.<BR><BR>The user is always flipping thru hundreds of images at a time.<BR><BR>In apache we did it using forcetype.<BR><BR>I like your Unix idea better.<BR><BR>As a matter of fact.. linux does seemd to serve up files faster doesn&#039;t it?<BR><BR><BR><BR>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts