
I have a group of dental photos that are stored using the patient's name that I would like to display on a webpage - minus the patient's info of course. It will all be in a password protected area, but one thing I realized is that if anyone inspected the element, it would have the path of the photo, which contains their name.

I used the code from this post: https://stackoverflow.com/a/35724642/3025534 which gives me back:

/pics/O/Patient Name1
|_DSC_0338.JPG
|_DSC_0339.JPG
|_DSC_0340.JPG
/pics/O/Patient Name2
|_DSC_3947.JPG
/pics/O/Patient Name3
|_DSC_2541.JPG
|_DSC_2542.JPG

I now have all the filename / path data in the database from that.

My brother was hoping I could set up a mini photo gallery that in "Admin" mode would show the patient names, but then when he wanted to show it to someone, it hides all that info.

I stumbled across this code that would work, but only for one file since it sets the header:

<?php
    $file = 'your_images.jpg';
    header('Content-Type: image/jpeg');
    header('Content-Length: ' . filesize($file));
    echo file_get_contents($file);
?>

I could then reference that file by doing something like <img src="image.php?file=/pics/O/Patient Name1/DSC_0338.JPG"> but then I have just defeated the purpose of obfuscating it.

How would I loop through an array of files to display more than one at a time, in a gallery type format (not just lumped at the beginning or end of the page), while still hiding the source?

I should mention that there will be spaces in the filenames / directory names. It isn't my organizational structure, so I can't change it at the source, and it is part of an incremental backup, so I can't change it on the server.

Alan
  • If it's only your brother showing them then you should need to hide the source. –  Jun 21 '17 at 21:24
  • If you're in the US, you need to drop everything and hire a HIPAA consultant. Publicly accessible patient photos is a major potential breach. – ceejayoz Jun 21 '17 at 21:29
  • He wants to be able to show them when he is at dental conventions to others to illustrate things he is doing. The obfuscation is in case he ever wanted to do it over the phone and the other person had the ability to inspect source. – Alan Jun 21 '17 at 21:30

1 Answer


Use a unique key, instead of a patient name. For instance, you could make an md5 hash of the patient name, and then:

<img src="image.php?id=1234ABCD987655A5&img=DSC_0338.JPG">

But, if you can "guess" patient names, an attacker could generate the required md5 key. So generate a random key for each patient, and store it in a database. Use that to look up images.

Oh, and don't store patient data on the web, in a web-accessible directory.

AJNeufeld
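
One way to implement the random-key lookup described in this answer, as an added example that is not part of the original answer. The `patients` table, its `token` and `dir` columns and the function names are assumptions, and the photo root is assumed to sit outside the web root; run from the CLI, it builds constructed sample data and tries a valid request, a traversal attempt and an unknown token.

```php
<?php
// Added example, not code from the question or answer. Table and column names
// and the directory layout are assumptions.
declare(strict_types=1);

// Random key stored once per patient: 128 bits from the CSPRNG, hex-encoded.
function new_patient_token(): string
{
    return bin2hex(random_bytes(16));
}

// Map (token, file name) to a real path under $root, or null on any mismatch.
function resolve_image(PDO $db, string $root, string $token, string $img): ?string
{
    $root = realpath($root);
    if ($root === false || !preg_match('/^[0-9a-f]{32}$/', $token)) {
        return null;
    }
    // Prepared statement: the token is never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT dir FROM patients WHERE token = ?');
    $stmt->execute([$token]);
    $dir = $stmt->fetchColumn();
    if (!is_string($dir)) {
        return null;
    }
    // basename() drops directory parts; realpath() resolves ".." and symlinks.
    $path = realpath($root . '/' . $dir . '/' . basename($img));
    if ($path === false || strpos($path, $root . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample data: one patient folder with one file, in-memory DB.
    $root = sys_get_temp_dir() . '/pics_demo_' . bin2hex(random_bytes(4));
    mkdir($root . '/O/Patient Name1', 0700, true);
    file_put_contents($root . '/O/Patient Name1/DSC_0338.JPG', 'not a real JPEG');
    $db = new PDO('sqlite::memory:');
    $db->exec('CREATE TABLE patients (token TEXT PRIMARY KEY, dir TEXT NOT NULL)');
    $token = new_patient_token();
    $db->prepare('INSERT INTO patients VALUES (?, ?)')->execute([$token, 'O/Patient Name1']);
    var_dump(resolve_image($db, $root, $token, 'DSC_0338.JPG') !== null);      // valid pair
    var_dump(resolve_image($db, $root, $token, '../../etc/passwd'));           // traversal attempt
    var_dump(resolve_image($db, $root, str_repeat('0', 32), 'DSC_0338.JPG'));  // unknown token
}
```

In `image.php`, call `resolve_image()` with `$_GET['id']` and `$_GET['img']` after the login check, answer 404 on `null`, and otherwise send the `Content-Type` header and `readfile()` the returned path.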