It doesn't look like a dynamic file will help me, because the view source will probably show its contents.
1 a dynamic file is a file that is used by a server to generate the file that is sent to the browser.. it is NEVER directly viewable by the user
2 view source only shows the HTML of an html document.
3 view source never shows:
* stuff that's generated via .js ( tho it may show the .js or at least the link to the .js)
* the source of the stuff that's generated server side ( via PHP, ASP, NET, etc.). So what i was saying is if your file is dynamic in this way you could have it redirect somewhere else if certain credentials aren't met , for example if a session variable doesn't confirm.. redirect to some other page that says "bad hacker! no cookie!".
I was hoping to find a way to keep the location of an image file unknown by sticking it in an inaccessible php or other file type file.
there in lies the problem.. its the URL you are trying to hide... not the file and it's the url that has unrestricted access. You cant have have your cake and eat it. If you want someone to see the file , they WILL be able to see the location. Heck even if you could the data itself is temporarily stored in the browser cache; that is someone an just root through their own system after they have viewed the image, find their UA's Cache and root through that and find the image they just saw... all of them! If you don't want the location seen you cant show them the image. It's kinda evil to want it both ways.
If you are worried about copyright. A simple solution ... Watermark your image.
OK, in my typical manner now that I have expressed my objection I can also suggest this, but it will be RESOURCE INTENSIVE FOR YOUR SERVER!!
create a "cache" folder.
create a function ( because we like DRY code ) that you call any time you are about to output an image
this function would create a random string , append the same suffix as the image.
it now makes a copy of the image , renamed with that string I just mentioned, and puts it in the cache folder.
the src/link points to that cached image.
after the page has been served, another function empties the cache folder
In short image URIs are temporary, for one serve only
Other reasons why this is horrible:
You will be asking your server work on creating, renaming and hiding images per page, per serve !!!
Your visitors will have to re download images each page load ( since the URI will always be different the browser will assume is a different image)
but if its that important that no one hotlinks, then I guess it's THAT important