[pLog-svn] resserver usage

Matt matt at woodzy.com
Wed Oct 4 03:50:52 GMT 2006


Reto Hugi wrote:
> On 03.10.2006 23:02, Matt wrote:
>>> I was also considering using a 30x redirect but I am not sure what
>>> will happen with the file name. What I mean is that if somebody
>>> requests /resource/myalbum/myfile.jpg and resserver.php does a
>>> redirect to /gallery/44/44-23.jpg, 
>>>
>> You could have a full page iframe in the 30x redirected page to hide the
>> "ugly" filename ;)
>>
> 
> creative, but not an option in case of, say, archives and other files
> not displayed inline. :/
>

What do you mean by displayed inline... if you have the iframe set to
something, say an *.exe, IE and Firefox will ask if you wish to
download the file... should work the exact same way as a normal window.

The following code worked fine in a quick run with FF. Asked if I 
wanted to open or save the file...

<html><body><iframe width=100% height=100% 
src='archive.tar.gz'></iframe></body></html>

This doesn't "hide" the filename though as any inquisitive user could 
find the "true" path.

But even the current system doesn't provide much security... one 
understanding the code could just start making guesses with amazing 
ease and success...

-Matt
-- 
Matt (matt\ at\ woodzy.com)       Public Key: woodzy.com/woodzy.gpg.asc

