that was explaining the prinicple.
of course you wouldn't do it like this, but pass an id to identify. you
could also send an encryption key...
----- Original Message -----
From: "CPT John W. Holmes" <[EMAIL PROTECTED]>
To: "Toby Irmer" <[EMAIL PROTECTED]>; "Mike R" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, January 15, 2004 5:15 PM
Subject: Re: Re[4]: [PHP] Re: jpeg Uploader issue
> From: "Toby Irmer" <[EMAIL PROTECTED]>
>
> > file: show.php
> >
> > <?
> > header("Content-type: image/jpeg");
> > readfile("/path/to/file/".$_GET["filename"]);
> > ?>
> >
> >
> > in your files:
> >
> > <img src="show.php?filename=myfile.jpg" ...>
> >
> > or something like that ;)
>
> Are you trying to get him to compromise his server? I'm sure that's just a
> simple suggestion, but it's horrible. This will allow a user to request
the
> contents of any file PHP has access to read...
>
> ---John Holmes...
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
