Home/ Questions/Q 132499
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-11T06:16:20+00:00

I work on a site that generates dynamic images for each specific user. Sometimes

  • 0

I work on a site that generates dynamic images for each specific user. Sometimes these images contain depictions of very sensitive data. Lately we have started to see requests for images that belong to a different user in the form of

http://myapp/images/someuid/image1.jpg

obviously, someone figured out they could access another users images if they created the proper URL. we store the images to the file system to help reduce bandwidth.

  • how can we protect this – some sort of http handler?

  • is there a way of serving the image to take advantage o -f caching without having to write it to the file system and letting IIS do the dirty work?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Use an .ashx:-

    TimeSpan maxAge = new TimeSpan(0, 15, 0); //!5 minute lifetiem.  context.Response.ContentType = 'image/gif'; context.Response.Cache.SetCacheability(HttpCacheability.Private); context.Response.Cache.SetExpires(DateTime.UtcNow.Add(maxAge)); context.Response.Cache.SetMaxAge(maxAge); context.Response.Cache.SetLastModified(lastModified); // last modified date time of file context.Response.WriteFile(filenameofGif);

    You can include what ever code checks you need to ensure the correct users is accessing the image.

    • 0