views:

95

answers:

1

I'm writing a portal in PHP that allows users to upload DICOM images, and allow users of the same group to view those DICOM images through a Java Applet. The html code to display images through the viewer looks like this:

<APPLET archive=radscaper.jar codebase=./ code=com.divinev.radscaper.Main.class width=100% height=100%>
<PARAM NAME=Config VALUE=config.xml>
<PARAM NAME=DicomImg1 VALUE="relative_path1/image1.dcm">
</APPLET>

So the generated html passes in a file url to the java applet. The problem I'm facing is - files would be stored in a public directory and easily accessed by anyone knowing the file url. Is there a way I can restrict file access to a certain user group?

+2  A: 

Use a php script for the DicomImg1 value, example:

<PARAM NAME=DicomImg1 VALUE="serve-dcm.php?id=image1.dcm">

The php script can check if the client is allowed and acts accordingly.

Thats one way.

zaf