Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Looking to obfuscate filename

Status
Not open for further replies.
rhyno2k

rhyno2k

IS-IT--Management
Jun 9, 2001
222
US
Hi,


I'm building an online quote viewing application and I want to be able to hide the file location, so that viewers of a particular quote can't easily figure out the location of another.

The files will be in a /quotes folder, and will be labeled according to their quote number: e.g. 001667.swf, 001674.swf, etc.

What I'm thinking of is something like this:
Code: 
[URL unfurl="true"]http://www.mycompany.com/quote001667[/URL]
redirects to a login page. Upon success, user is presented with a link to:
Code: 
[URL unfurl="true"]http://www.mycompany.com/quote_display.php?q=R8h799cK1[/URL]
...where q = a string that always corresponds with the actual quote number of the file (e.g. 001667). I'm guessing this can be done with some sort of hash?

Also, I want to obfuscate the HTML source. I don't want people to simply be able to pop into view source for the above page and see "<param value=/quotes/001667.swf", "embed src=/quotes/001667.swf", etc. and try to get at the files directly.

How can I accomplish this?


Thanks,
--RHYNO
 
Sort by date Sort by votes
First, don't obfuscate HTML. If you do, there's no way for a general browser to be able to view your site. I suppose there are browser plugins you could require your users to install, but in general that's a very bad idea.

What I have done in the past for online quotes is to record in a database the quote data and a unique identifier for the quote (see uniqid() for information on how to generate the ID). Users are given only the unique id, not any kind of quote number, and quotes are generated on-the-fly after fetching the quote data from the database, not streamed from existing files.



Want the best answers? Ask the best questions! TANSTAAFL!
 
Upvote 0 Downvote
Sleipnir, thanks for the prompt response.

I chose the wrong word... I don't want to literally obfuscate the entire HTML document. I just want to hide/encrypt the direct file references ("/quotes/001667.swf") in the code for <object> and <param> -- if it can be done at all.

I just want to prevent people from peeking at the source, and guessing:
Code: 
[URL unfurl="true"]http://www.mycompany.com/quotes/00166[/URL][COLOR=red]8[/color].swf
to view other's quotes.

And unfortunately, I can't generate quotes on-the-fly. Each one is a custom, lovingly-handcrafted document. -sigh-


--RHYNO
 
Upvote 0 Downvote
Okay. Then create each quote document, store it on the server's filesystem, and record the document in the database. In each document's record in the database, record the unique ID.

Your users get only the link with the unique ID, your script looks up the document's record in the database and streams the document to the user's browser.



Want the best answers? Ask the best questions! TANSTAAFL!
 
Upvote 0 Downvote
Like sleipnir says, do...

I have made this script before, maybe in 2002-2003..

1) Admin area with upload, uploads files to the file-dir, lets the admin add title and such of the file.
2) Browse-area, where the user must register and request a download url sent with email
3) The user gets his / her download url, maybe it's:
random number>

4) The system checks if the user requested this download (eg. SELECT `blah` FROM `tbl_foo` WHERE `user_id` = <the logged in user> AND `download_id` = '<the id in the querystring>' AND `is_downloaded` < 1;

If it exists, this means the user requested the download and did not yet download it. If so, you stream the file and upon stream completion, run an UPDATE on the table:

UPDATE the table and SET the field is_downloaded to 1.

This means:
Each download url only works once
Each download url is tied to the user requesting it

You could also make a simple check if the user has requested a download already, if so, do not make another (so one cannot spam the table).

Purpose?
Well, I made it so the administrator of the site could see who was interested in the products and could then contact the interested parties.

It's quite easy, will set you back a couple of hours if you are a "medium" programmer.

Olav Alexander Mjelde
Admin & Webmaster
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

R
  • Question
How Can I Use MySQL To Send Data To An Email
Replies
1
Views
277
Chris Miller
Chris Miller
P
  • Locked
  • Question
JPgraph - How to stop a line graph from dropping to zero?
Replies
2
Views
390
Chris Miller
Chris Miller
W
  • Question
how to send checked row data in php
Replies
0
Views
58
wiltang2004
W
rogerte
  • Locked
  • Question
How to parse associative array
Replies
13
Views
1K
Chris Miller
Chris Miller
PeDa
  • Locked
  • Question
Basic Authentication fails to authenicate
Replies
0
Views
184
PeDa
PeDa

Part and Inventory Search

Sponsor

Back
Top