by "still allow access" I simply meant that I could still refer to the
images in my HTML. ( <img src='/images/pic.jpg'> )
send_file isn't appropriate here ( as far as I'm aware ).
Suppose my profile image is located at "images/3.jpg". I want to
prevent users from then visiting "images/4.jpg" and checking out
pictures they don't have access to.
So far, encypting the image name seems to be the only solution.
Making it a little more difficult to 'guess' the picture url.
Anybody know of a better way to handle this?