> >> I think I found a solution. > >> > >> Here's the url: > >> > >> http://www.webbytedd.com/bbb/image-test1/ > >> > >> The point is that the image is only accessible via this script, is > >> this correct? > > > >I can access it without a script: > >http://www.webbytedd.com/bbb/image-test1/images/a.jpg > > I think what you were seeing was a cached image.
Yes, it seems I was accessing a cached image. If I am allowed to see this picture, but not another, you may still have a security issue. If I am allowed to see this picture, and thereby am also allowed to see any other, then you probably don't need to secure it more. I just don't like the actual image filename in the HTML view source. I prefer to hand off an id to a display_image.php script which checks credentials for the specific picture. _________________________________________________________________ Peek-a-boo FREE Tricks & Treats for You! http://www.reallivemoms.com?ocid=TXT_TAGHM&loc=us
