Solved

WANTED: CGI to prevent files from being linked

Posted on 1998-02-02
12
301 Views
Last Modified: 2013-12-25
I have a webcam that saves files under the same name in the same directory. Problem is I have people linking the images off my site onto theirs. I am looking for a CGI script that says if the image is not being loaded from this page I'm going to deny the request.
0
Comment
Question by:tclark
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +4
12 Comments
 
LVL 5

Expert Comment

by:icd
ID: 1831902
One way to do this is to not store the image with the same name every time. For example you could give it a random name and so any external links will fail when the name changes.

For example, store the image with the name "webcam847583.jpg". The script that displays this image will be able to determine the name of the file but scripts on other servers will not. (More on this later). If anyone links to this page then the link will fail when the next update from the webcam deletes "webcam847583.jpg" and creates a new random name of "webcam6736754.jpg" (for example).

You can use whatever random sequence you want, indeed it need not even be random, just increment the number each time you update the image will prevent anyone else from determining when the name changes.

The script that generates the page that has the image within it can do something like this at the point it needs to generate the html for the image link:-

opendir(IMG_DIR, "../img");
@allfiles = grep(/^webcam/, readdir(IMG_DIR));
closedir(IMG_DIR);
print "Latest Web Cam Image<br><img src=\"../img/";
print $allfiles[0]."\">\n";

So long as the script that generates the image ensures it deletes the old versions after it creates a new version then there will only be one file of the form "webcamXXXXXX.jpg" in the img directory.


0
 
LVL 5

Expert Comment

by:julio011597
ID: 1831903
If your images are published on the web, then there's no solution, since people will always be able to access and download them.

If, otherwise, users can only get your images through a CGI program, then the solution is quite simple (simpler than icd's one, i'm afraid).

Could you tell something more?
0
 
LVL 5

Expert Comment

by:icd
ID: 1831904
julio.

If I read the question correctly, it is not so much downloading the images but since this is a webcam tclark wants to prevent other pages embedding the webcam image within their own html pages. Rather like the way that newspaper sites try to prevent web sites embedding the 'comic of the day' in their own web page.

However, if I have mis-understood the problem, please present your own answer, tclark should reject my solution if s/he prefers yours.

0
How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

 
LVL 5

Expert Comment

by:julio011597
ID: 1831905
Sorry icd, i really didn't mean to offend anybody; maybe my English betrayes me sometimes.

I'm not posting a solution because i'm not sure about what the question is; the simpler solution i was thinking about is just reading the HTTP_REFERER env var.

Regards
0
 
LVL 5

Expert Comment

by:icd
ID: 1831906
no offence taken.

I also thought about the HTTP_REFERER but is it not the case that it does not work with the IE browser? I also thought it did  not work with images embedded inside an html document but now that I think about it again I am probably wrong.

0
 

Expert Comment

by:joseph4
ID: 1831907
i avoid http_referer because not all browsers support it, yes. in fact, i don't fight leeches with cgi at all: i use htaccess to deny any requests from outside my own subnet. if you're interested in that approach, let us know.
0
 

Author Comment

by:tclark
ID: 1831908
I have thought of the cgi solution, but once again what is to prevent someone from simply calling the CGI. How about using a SSI to pull it? I guess I'm trying to find a way to hide the location of the images.

Todd
0
 
LVL 3

Expert Comment

by:gwalters
ID: 1831909
I know cookies are not all that popular (though I see your site already uses them), but you could do this:

1) Set a cookie on a previous page.
2) Look for the cookie when serving the image (which would be referenced through a CGI).
3) If the cookie is there, serve the image, else serve a "go away" image.

Now, even if they figure out that it's a cookie, they can't set it, since your image request will be on a different domain.
0
 
LVL 8

Expert Comment

by:jhurst
ID: 1831910
Have a look at the page:

http://www.geocities.com/Pipeline/7284

It uses <img src=...> but
0
 
LVL 3

Expert Comment

by:gwalters
ID: 1831911

I thought we already agreed to stay away from "Referer".

BTW, it did work with Internet Explorer, but I beleive some proxies may strip out "Referer".


0
 
LVL 5

Expert Comment

by:julio011597
ID: 1831912
AFAIK, due to HTTP protocol itself, there's no absolute solution to your problem; that's why i keep thinking the HTTP_REFERER solutions is the best :)
0
 
LVL 1

Accepted Solution

by:
dbogstad earned 100 total points
ID: 1831913
A POSSIBLE solution might be to try a Multipart MIME format for your CGI output. Instead of using HTML tags to embed your image file in your html file, use a multipart MIME type so that the HTML file AND the image file are combined by the HTTP server and sent to the browser. THat way, anyone hitting your CGI script would necessarily receive YOUR web page. Subsequently, you would want to hide the image file and directory from public view.

Check out this URL: http://reference.nrcs.usda.gov/ietf/rfc/2200/rfc2112.htm

maybe something like this:


     Content-Type: Multipart/Related; boundary=example-1
             start="<_@_._>";
             type="text/html"
     --example-1
     Content-Type: text/html
     <HTML>
     <BODY>
     
     --example-1
     Content-Type: image/jpeg
     // Write file data here with CGI script
     --example-1--

     Content-Type: text/html
     </BODY>
     </HTML>

     --example-1--
0

Featured Post

Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory replication delay is the cause to many problems.  Here is a super easy script to force Active Directory replication to all sites with by using an elevated PowerShell command prompt, and a tool to verify your changes.
The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question