|
|
Posted by Jerry Stuckle on 04/17/07 17:39
Emmanuel Petit wrote:
> Sean a écrit :
>>
>> I am sure that there may be another solution, but I think that you
>> cannot path back outside of your webserver. I'd bet that if you moved
>> the 'uploads' folder inside the 'website' folder and change the link
>> accordingly, it would work.
>>
> It works fine if I move the 'uploads' folder back on the web site, but
> as it needs to be chmod 777, it is now open to everyone, and might
> become a security issue on my server.
>
> I read that by putting it outside the web folder, it could not be access
> by browsing, but I can not find any way to retrieve the folder, even
> that I can put them without any problem.
>
>> As www.mywebsite.com and the website folder should be the same ... I
>> take it that having <img src='../../uploads/images/test.gif'> makes no
>> difference?
>>
>>
>>
>>
The problem is that when you try to load the image, the user is
browsing. From the request to the server, there is absolutely no
difference between:
http://www.example.com/image.jpg
and loading a page with
<img src="/image.jpg"...>
Both result in a GET request from the browser to the server to retrieve
the image.
You could do something like create a php file which serves the images
from the other folder, but that's the hard way.
The real problem is why do you think the images have to be chmod 777.
That's absolutely incorrect. All they need is 400 and owned by the
webserver's userid, for instance.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Navigation:
[Reply to this message]
|