How do I hide the file path on an image with imageGen?
Hi,
How do I hide the file path on an image with imageGen?
I upload my image using the media picker and it has a path of e.g
/media/1234/graphic.jpg
I understand the way to protect the file path is to use a class with the ImageBaseDir as below. However the sub folder will be different for each image. Can someone tell me how I should protect my file path? Thanks
You're correct, the most you can do is hide the /media/ portion of the path with ImageBaseDir since that's the only consistent part of the path.
True, someone might figure out your site is running Umbraco and guess that the images really reside in the /media/ folder and guess a full path to the original image.
Not hugely likely but if that's a concern you might want to add some router rules that ensure all http(s) requests to /media/ include imagegen.ashx as part of the request, making it impossible to get to the original files from the public internet (you'd probably want to allow access for local and internal access). Or you could use IIS rewrite rules to create a similar effect. You could obscure things considerably by rewriting requests significantly. For example:
Instead of /imagegen.ashx?class=secret&image=/1234/graphic.jpg you could rewrite it to something like /mediacache/graphic/secret/1234.jpg with all the parts of the path representing portions of the real request for quick and easy rewriting while giving away little useful information.
How do I hide the file path on an image with imageGen?
Hi,
How do I hide the file path on an image with imageGen?
I upload my image using the media picker and it has a path of e.g
/media/1234/graphic.jpg
I understand the way to protect the file path is to use a class with the ImageBaseDir as below. However the sub folder will be different for each image. Can someone tell me how I should protect my file path? Thanks
Hi, Alan,
You're correct, the most you can do is hide the
/media/
portion of the path with ImageBaseDir since that's the only consistent part of the path.True, someone might figure out your site is running Umbraco and guess that the images really reside in the /media/ folder and guess a full path to the original image.
Not hugely likely but if that's a concern you might want to add some router rules that ensure all http(s) requests to /media/ include imagegen.ashx as part of the request, making it impossible to get to the original files from the public internet (you'd probably want to allow access for local and internal access). Or you could use IIS rewrite rules to create a similar effect. You could obscure things considerably by rewriting requests significantly. For example:
Instead of
/imagegen.ashx?class=secret&image=/1234/graphic.jpg
you could rewrite it to something like/mediacache/graphic/secret/1234.jpg
with all the parts of the path representing portions of the real request for quick and easy rewriting while giving away little useful information.Hope this helps.
cheers,
doug.
Thanks Douglas that's great!
is working on a reply...