Director's new on-demand image publishing could be used for evil to create lots of images on your server. For that reason, we encode the URLs so they are not easily modifiable. To increase security even more, you should add the following to your user_setup.php file:

define('SALT', 'somerandomstring');

Change somerandomstring to something more unique. It should be a single string (no spaces and alphanumeric characters only) that would be difficult to guess.

After any change to your SALT setting, be sure to delete any files in the ssp_director/xml_cache folder.