|
|
Posted by Geoffrey on 12/03/06 02:49
Hi Brian --
Perhaps you can kill two birds with one stone here. I might suggest
creating a simple database table that associates a file with an ID
number. This will help you achieve your goal of anonymizing the file
name by using an ID number in its place, and it helps to secure your
application by not accepting user input (anyone could change a filename
in the URL to exploit potential vulnerabilities in your script, but ID
numbers are harmless). Your database could also be easily modified as
files are added or removed.
If it's not possible to use a database, another (less desirable)
approach might be to set up an array in the function that redirects the
user to the file that relates an index number with a filename. Again,
when someone requests a particular file, you would be passing a number
to your script rather than a filename, achieving both goals. This
would be harder to maintain if your file collection changes frequently.
I'm sure there are other ways to do this, so these solutions are by no
means exhaustive. :)
Geoffrey
Brian Huether wrote:
> I have a function that serves audio as a stream. I don't want people to see
> the filename. But I am using urls of this sort:
>
> audio.php?op=serveaudio&file=www.somefile.mp3
>
> 1) How can I encrypt www.somefile.mp3 and then reconstruct it?
>
> 2) How should I really be doing this? Should I be putting the file name into
> a server variable? If so, what would that syntax be?
>
> thanks,
>
> brian
Navigation:
[Reply to this message]
|