<![CDATA[ Hashing image filenames - My Forums]]> https://forums.modx.com/thread/?thread=104869 <![CDATA[Hashing image filenames]]> https://forums.modx.com/thread/104869/hashing-image-filenames#dis-post-563891
NOTE: I know my code has background-image misspelled. When I spell it correctly, the forum adds additional code to my text for some reason. lol

Let's say I have this:
<div class="photo" style="backgrund-image: url('/assets/pictures/team/[[*MyID:default=`default`]].jpg');">
    <img src="/assets/pictures/team/[[*MyID:default=`default`]].jpg" alt="[[*pagetitle]]">
</div>


Which outputs to this:
<div class="photo" style="backgrund-image: url('/assets/pictures/team/Jeff1.jpg');">
    <img src="/assets/pictures/team/Jeff1.jpg" alt="Jeff's Bio">
</div>


Suppose I have dozens of users with bios like this, but I don't want someone to be able to pull all our usernames just from using the element inspector. I tried using the output filter md5, [[*MyID:md5:default=`default`]], which resulted in broken image links:
<div class="photo" style="backgrund-image: url('/assets/pictures/team/933e66335a0397da1d8e324b2815428e.jpg');">
    <img src="/assets/pictures/team/933e66335a0397da1d8e324b2815428e.jpg" alt="Jeff's Bio">
</div>


How can I do this correctly so that MODX knows how to find this file? Or is there a better way?

Thanks in advance!
]]> jeffsydor Feb 01, 2019, 05:18 PM https://forums.modx.com/thread/104869/hashing-image-filenames#dis-post-563891 <![CDATA[Re: Hashing image filenames]]> https://forums.modx.com/thread/104869/hashing-image-filenames#dis-post-563931
You can also prevent direct access to images with directives in .htaccess: https://stackoverflow.com/questions/3990337/how-to-protect-against-direct-access-to-images]]> BobRay Feb 04, 2019, 08:55 AM https://forums.modx.com/thread/104869/hashing-image-filenames#dis-post-563931 <![CDATA[Re: Hashing image filenames]]> https://forums.modx.com/thread/104869/hashing-image-filenames#dis-post-563910
A PHP file that would manage your image/file requests.

So, a http request to
/assets/mysnippets/file.php?filename=933e66335a0397da1d8e324b2815428e.jpg

Would be dehashed and addressed to
/assets/unwise/sensitive/material/mySocialSecurityNumberLOL.jpg

Look here for inspiration and further search keywords
https://stackoverflow.com/questions/5762523/protect-image-path-php

The issue is that once the image or its cloak has been served to the greedy internet, the toothpaste is already out the tube.

Your bestest bet is to nip the issue before it is an issue.
If this were an issue for me, I'd force all uploads through a PHP script that renamed the files right there on the server.
So that, my-wifes-maiden-name.jpg before upload becomes 2323232332u32iu3823u23u2832y38y823u82832832832323.jpg on the server.
And of course I'd lock up access to that folder to prevent renaming or some sort of mishap.

But it seems you might be dealing with an already established system ...]]> donshakespeare Feb 03, 2019, 12:15 AM https://forums.modx.com/thread/104869/hashing-image-filenames#dis-post-563910