tclark

asked on

WANTED: CGI to prevent files from being linked

I have a webcam that saves files under the same name in the same directory. Problem is I have people linking the images off my site onto theirs. I am looking for a CGI script that says if the image is not being loaded from this page I'm going to deny the request.
icd

One way to do this is to not store the image with the same name every time. For example you could give it a random name and so any external links will fail when the name changes.

For example, store the image with the name "webcam847583.jpg". The script that displays this image will be able to determine the name of the file but scripts on other servers will not. (More on this later). If anyone links to this page then the link will fail when the next update from the webcam deletes "webcam847583.jpg" and creates a new random name of "webcam6736754.jpg" (for example).

You can use whatever random sequence you want; indeed it need not even be random. Just incrementing the number each time you update the image will prevent anyone else from determining when the name changes.

The script that generates the page that has the image within it can do something like this at the point it needs to generate the html for the image link:-

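# Find the current image; only one webcamXXXXXX.jpg should exist at a time.
opendir(IMG_DIR, "../img") or die "Cannot open ../img: $!";
@allfiles = grep(/^webcam/, readdir(IMG_DIR));
closedir(IMG_DIR);
# Emit the image tag using whatever name the file currently has.
print "Latest Web Cam Image<br><img src=\"../img/";
print $allfiles[0]."\">\n";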

So long as the script that generates the image ensures it deletes the old versions after it creates a new version then there will only be one file of the form "webcamXXXXXX.jpg" in the img directory.


If your images are published on the web, then there's no solution, since people will always be able to access and download them.

If, otherwise, users can only get your images through a CGI program, then the solution is quite simple (simpler than icd's one, I'm afraid).

Could you tell us something more?
julio.

If I read the question correctly, it is not so much downloading the images but since this is a webcam tclark wants to prevent other pages embedding the webcam image within their own html pages. Rather like the way that newspaper sites try to prevent web sites embedding the 'comic of the day' in their own web page.

However, if I have misunderstood the problem, please present your own answer; tclark should reject my solution if s/he prefers yours.

Sorry icd, I really didn't mean to offend anybody; maybe my English betrays me sometimes.

I'm not posting a solution because I'm not sure about what the question is; the simpler solution I was thinking about is just reading the HTTP_REFERER env var.

Regards

No offence taken.

I also thought about the HTTP_REFERER but is it not the case that it does not work with the IE browser? I also thought it did not work with images embedded inside an html document but now that I think about it again I am probably wrong.

I avoid HTTP_REFERER because not all browsers support it, yes. In fact, I don't fight leeches with CGI at all: I use htaccess to deny any requests from outside my own subnet. If you're interested in that approach, let us know.

ASKER

I have thought of the CGI solution, but once again, what is to prevent someone from simply calling the CGI? How about using an SSI to pull it? I guess I'm trying to find a way to hide the location of the images.

Todd

I know cookies are not all that popular (though I see your site already uses them), but you could do this:

1) Set a cookie on a previous page.
2) Look for the cookie when serving the image (which would be referenced through a CGI).
3) If the cookie is there, serve the image, else serve a "go away" image.

Now, even if they figure out that it's a cookie, they can't set it, since your image request will be on a different domain.
Have a look at the page:

http://www.geocities.com/Pipeline/7284

It uses <img src=...> but

I thought we already agreed to stay away from "Referer".

BTW, it did work with Internet Explorer, but I believe some proxies may strip out "Referer".


AFAIK, due to HTTP protocol itself, there's no absolute solution to your problem; that's why I keep thinking the HTTP_REFERER solution is the best :)
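
The cookie steps and the HTTP_REFERER check discussed in the thread, combined into one image-serving CGI. This is an added example, not code from any poster: the cookie name `camview`, the host name, the file paths and the secret are assumptions, and the cookie is HMAC-signed with an expiry, which goes beyond the plain presence check described above.

```perl
#!/usr/bin/perl
# Added example: image gate CGI. All names, paths and the secret are placeholders.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

my $SECRET  = 'replace-with-a-long-random-secret';  # assumption: shared with the page script
my $MY_HOST = 'www.example.com';                    # assumption: your site's host name
my $IMAGE   = '/home/site/private/webcam.jpg';      # assumption: kept outside the web root
my $GO_AWAY = '/home/site/private/goaway.jpg';      # assumption: the "go away" image
my $MAX_AGE = 600;                                  # seconds a page-issued cookie stays valid

# The page script calls this and sends "Set-Cookie: camview=<value>; Path=/".
sub make_cookie {
    my ($now) = @_;
    return $now . '.' . hmac_sha256_hex($now, $SECRET);
}

# Returns 1 when the request should get the real image, 0 otherwise.
sub allowed {
    my ($cookie_hdr, $referer, $now) = @_;
    my ($ts, $mac) = ($cookie_hdr // '') =~ /(?:^|;\s*)camview=(\d+)\.([0-9a-f]{64})(?:;|\z)/
        or return 0;                                  # no cookie: the page was never visited
    return 0 if $ts > $now || $now - $ts > $MAX_AGE;  # future-dated or stale
    return 0 unless hmac_sha256_hex($ts, $SECRET) eq $mac;   # value not issued by us
    # Referer is only a secondary check: some clients and proxies omit it,
    # so an empty value passes, but a foreign host never does.
    if (defined $referer && length $referer) {
        return 0 unless $referer =~ m{^https?://\Q$MY_HOST\E(?::\d+)?(?:/|\z)}i;
    }
    return 1;
}

my $file = allowed($ENV{HTTP_COOKIE}, $ENV{HTTP_REFERER}, time) ? $IMAGE : $GO_AWAY;
open(my $fh, '<', $file) or do {
    print "Status: 404 Not Found\r\nContent-Type: text/plain\r\n\r\nimage unavailable\n";
    exit;
};
binmode $fh;
binmode STDOUT;
# no-store keeps shared caches from handing the real image to other clients.
print "Content-Type: image/jpeg\r\nCache-Control: no-store\r\n\r\n";
local $/ = \8192;          # read in 8 KB chunks
print while <$fh>;
close $fh;
```

The page that embeds the image would reference this script in its `<img src=...>` and set the cookie with `make_cookie(time)` before the image is requested.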
ASKER CERTIFIED SOLUTION
dbogstad
