protecting images in rev-cgi generated html

Ian Wood revlist at azurevision.co.uk
Tue Jan 29 06:23:28 EST 2008


I think the bit you found on the PHP forum is a red herring, if the  
image doesn't appear in the HTML code *somewhere* then it's not going  
to be visible on the screen. It's impossible to totally stop people  
accessing an image that's visible in a browser window, you can only  
try to make it harder. And even then most of the workarounds will only  
affect Windows users, and any savvy user will simply grab it from the  
browser cache.

What is it that you are trying to stop people doing? Deep-linking  
(which you are already stopping with the .htaccess file), downloading  
the image, screengrabs? If there are specific things you want to stop  
there may be a way to do it.

Ian

On 29 Jan 2008, at 20:54, Nicolas Cueto wrote:

> However, from a browser people could easily
> peek at  the code and then link to the images
> on their own webpage via their url.
>
> My solution for now is to use an .htaccess file
> that prohibits such hotlinking. But, obviously, it's
> still possible to access any one of the images by
> simply entering  its url directly into a browser.
>
> Anyway. While looking for a solution, I came upon
> this interesting comment on a php/apache forum:
>
>
>  "A better solution would be to use a server-side
>  scripted approach, where the user sees a single
>  script-generated page, which then includes images
>  by calling them by *filename* on the server, not
>  by URL. These images need not even have a URL,
>  and would be accessible only by the script."




More information about the use-livecode mailing list