0

my web application is really simple there are two buttons one called "save" and the other called "show my images"
basically the user can save images from facebook API and store them in the server folder called "backup" (to back up their images on the server so if they deleted their FB or image from FB they will have backup)
1- When the user click save the images will be stored in two locations. The image url will be stored in sql database but it will also be saved on server folder called "backup"
2- when they click show images the web will retrive the images url from the database and display the image. However when checkImage() is called it will check if the image url is valid or not if it not valiad it will retrive the same image from the server folder "backup"

my question is I don't want the admin to access the backup folder and be able to see all the users images
so before the images get saved in the backup folder on server I want to encode the user images and when they request the image it will decode and be displayed
Is this possible ?

function checkImage($url)
{
 if (@getimagesize($url)) {
echo  "image exists ";
} else {
echo  "image does not exist";
}
}
2
Contributors
1
Reply
15
Views
1 Year
Discussion Span
Last Post by broj1
0

If you want to prevent unauthorised users from displaying the iamges you can encrypt them using mcrypt_encrypt. But be aware that you have to deal with key management to be able to decrypt later. By that I mean generating secure keys, securely storing the keys not to expose, corrupt or loose them etc). Maybe not that important since you still have images in the database. And BTW, does admin not have acess to the database (or put it differently can you prevent him to access it without you knowing it)?

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.