I'm hoping someone can help me.
Basically I'm looking for a way of securing folders that can only be
accessed by the logged in person, and any manipulation of the url,
e.g. pointing to another folder, results in a validation check saying
that access isn't granted. I think an example might help explain;
I have a site which allows users to upload their images, which are
then stored into a folder that can be served back to them, for
example,
www.myurl.com/user1/images
What I need is a way of locking the url /user1/images so that only
user1 can get access. At the moment it's possibly to log in as say,
user2, and change the url from
www.myurl.com/user2/images to
www.myurl.com/user1/images
This isn't secure and I can't figure a way of locking the folders.
Currently my only option is to hash the user name and store their
images within a folder created by the hash, and therefore reducing the
chances of someone guessing; for example, your not likely to guess a
15 character hash, rather that say 'user1'.
Any help on this front would be greatly appreciated.
Search
