Hello,
I would like to control access to images based on the connected user (this is required for security reasons). I found two solutions:
An image.php file returning an image resource:
However this requires passing the requested file as GET variable (not literal filename), loading additional classes and executing code to determine whether the user can access the requested file. I suspect this can get resource intensive when a page has 20-50 images.
Data URI’s:
This would require generating a data URI string for every image on the page.
Frankly the second method seems logically better, as it would all be done from one place, subjected to the access permissions already inforced. I am only worried about the additional resources this might require.
Please advice on which method would be more preferable, and add any additional info you believe would be useful.
Instead of having to generate the base64 image string every time, it can be generated one upon upload, stored in the database and served to the client upon request.
I’d venture to say, keeping the files in the database is an overall bad solution, simply because it won’t scale well. This would also have nothing to do with what data URIs were meant to do. Be warned, the size of data URIs should be limited, i.e. it should only be used for icon graphics or quite small images, not for regular images.
Since you shouldn’t use data URIs for larger images, Point 1 is the only method left and the correct one for serving up “secure” images.
