[eluser]Jim OHalloran[/eluser]
[quote author="crikey" date="1188979557"]My question is, because the HTML for the search results will include the image paths, what can I do to prevent someone who views the page source from typing lots of different combinations of filenames in the url and possibly getting an image associated with a "private" item?[/quote]
Whenever I've had to solve this problem, this is what I did.... All of the images will need some sort of unique identifier, which can be something like the filename, an autoincrement number, the MD5/SHA1 hash of the file itself, doesn't matter as long as it's unique. I'll refer to this as the "image id" for the rest of the post.
Then store the images outside the site's web root ensuring that no one can access them without going through your script. Create a script which takes an image id, performs the necessary permissions checks, then makes a header() call to set the appropriate MIME type and echo out the file content to the browser. In CI you'd do this in a controller method and pass the image id in one of the URL segments.
That ensures the images can't be accessed by people URL guessing id's and trying to bypass the access controls. If your image ID is sequential (i.e. increments by 1 every time a new image is uploaded) someone can easily start at 0 and just try every possible image id. If you've done what I suggested earlier, they won't get access to images they shouldn't see, but you can't stop them from harvesting all of the images they can see. To stop that from happening you want to make the image id's non-sequential. You can either use very long random numbers, or the SHA1 hash of the image contents. The advantage of SHA1 is that theres 2^256 possible SHA1 hashes, and only a very small number of those will be used within your system. The ones that are used will be distributed at random amongst all of the possible vales. So if someone started at 0 and tried all of the possible SHA1 hashes, it could take a very long time for them to find one that's actually in use. Of course it won't stop them from hammering your server trying, but it does effectively prevent them from harvesting all of the images.
Hope that helps.
Jim.
