
New rails based webzine


Loridan
May 11th, 2006, 10:57 AM
Hello all,

I have a question regarding the security of my new web zine. The idea is that I have editors that can log into the site, and then upload comics in the form of a jpg. The way that I have this set up right now is that the jpg is submitted through a form and then placed into the author's subdirectory in public/comics/. The record of the jpg is stored in a pendingcomics table in the database. The administrator has to come in and authorize the comic, which moves the record from the pendingcomics table over to the public_comics table so that it can be viewed by the rest of the world.
Now the problem. Is this secure enough? What if one of my editors forgets to log out and someone hijacks the account and posts a ton of pron. Now it's true that these are not immediately available to the public; however, if someone knows the name of the files that were uploaded, can they be retrieved directly from the public/comics/id/ directory?
One possible solution I thought of was to rename the uploaded file with random gibberish, and simply hide the image from the author until it is authorized. Please give your thoughts on this.

Thanks for any help.

steve_d555
May 11th, 2006, 03:01 PM
That is a reasonable risk you usually have to take with all websites. However, you could generate a random md5 hash, put it in the pending_comics table along with the comic and make a directory to put the comic in. The author would not have to know the hash and then the Admin can just approve it.

motobass
May 18th, 2006, 11:12 PM
Another option is to put a servlet or some code in front of access to these images. Store the images outside of the public web directory so they cannot be accidentally browsed. The script to pull down the image can check that it is approved before it is shown. This is a common solution, though you may want to test the performance if you're expecting much traffic.
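The two answers above describe complementary controls: an unguessable name so a pending upload cannot be fetched by guessing (steve_d555), and keeping the files outside the document root and serving them through code that checks approval first (motobass). The following is an added example illustrating both together, not code from this thread or from Rails itself. It uses plain Ruby so it runs stand-alone: STORAGE_ROOT, COMICS, store_upload, approve_comic and serve_comic are hypothetical names, the system temp directory stands in for a directory outside public/, and the in-memory COMICS hash stands in for the pending_comics / public_comics tables.

```ruby
require "securerandom"
require "fileutils"
require "tmpdir"

# Hypothetical storage root OUTSIDE the web server's document root (public/),
# so nothing under it can be fetched by URL without going through serve_comic.
# Dir.tmpdir is only a stand-in so the example runs anywhere.
STORAGE_ROOT = File.join(Dir.tmpdir, "webzine_comics_example")

# Stand-in for the pending_comics / public_comics tables: record id => row.
# Constructed in-memory data for the example; a Rails app would use ActiveRecord.
COMICS = {}

# Editor upload: save the bytes under a random, unguessable directory name
# (steve_d555's suggestion) inside a per-author directory, and record the
# comic as not yet approved. Returns the numeric record id.
def store_upload(author_id, jpg_bytes)
  token = SecureRandom.hex(16)  # 128 random bits; not derived from anything the editor sees
  dir   = File.join(STORAGE_ROOT, author_id.to_s, token)
  FileUtils.mkdir_p(dir)
  path  = File.join(dir, "comic.jpg")
  File.binwrite(path, jpg_bytes)
  id = COMICS.size + 1
  COMICS[id] = { author_id: author_id, path: path, approved: false }
  id
end

# Admin action: mark the record approved (the "move to public_comics" step).
# Returns false for an unknown id.
def approve_comic(id)
  row = COMICS[id]
  return false unless row
  row[:approved] = true
  true
end

# Controller-style fetch (motobass's suggestion): look the file up by numeric
# record id, never by a caller-supplied filename, and return its bytes only
# when the record is approved. Returns nil for unknown or unapproved comics,
# which the real controller would turn into a 404.
def serve_comic(id)
  key = Integer(id, exception: false)  # non-numeric ids simply match nothing
  row = key && COMICS[key]
  return nil unless row && row[:approved]
  File.binread(row[:path])
end

if __FILE__ == $0
  id = store_upload(7, "constructed-jpeg-bytes".b)
  puts "pending  -> #{serve_comic(id).inspect}"   # nil: not yet approved
  approve_comic(id)
  puts "approved -> #{serve_comic(id).inspect}"   # the stored bytes
end
```

Because the lookup key is the database id rather than a path, the serving code never touches user-controlled filenames, and the random token only matters as a second layer if the storage directory is ever exposed by mistake. The performance caveat motobass raises still applies: every image now passes through Ruby instead of being served statically.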