Hi People

I am putting together a back office app for a local authority where the images are very sensitive, nothing bad just personal information stuff.

has anyone got any comments on the best way to secure these. I was thinking of hashing the directory name and image so no one would ever be able guess it, for instance the URL of the image would be something like

https://webname/doc_area/uw8enl4s/m3...nc9a84jgr5.jpg

Would this be regarded as a secure method if no directory browsing is alowed?

granted once the user browses to it they would have the image in their cache but I am looking at only giving access to images to the administrators who would have the images on their computers anyway.

The only other thing I can think of is in some way serving the image back to a temporary directory or inline data which would destroy when the page closes?

Any thoughts?

Thanks in advance

Keith