Hi,

it's an important security issue and I'm sure this should be possible.

A simple example: You run a community portal. Users are registered and upload their pictures. Your application gives security rules wenever a picture is allowed to be displayed. For example users must be friends on each sides by the system, in order that you can view someone elses uploaded pictures.

Here comes the problem: it is possible that someone crawls the image directories of your server. But you want to protect your users from such attacks.

If it's possible to put the binary data of an image directly into the html markup, you can restrict the user access of your image dirs the user and group your web application runs of and pass the image data to your apache user and group directly in the html.

The only possible weakness then is the password of the user that your web app runs as.

Is there already a possibility?

Yours, Joern.