Solved

WANTED: CGI to prevent files from being linked

Posted on 1998-02-02
12
305 Views
Last Modified: 2013-12-25
I have a webcam that saves files under the same name in the same directory. Problem is I have people linking the images off my site onto theirs. I am looking for a CGI script that says if the image is not being loaded from this page I'm going to deny the request.
0
Comment
Question by:tclark
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +4
12 Comments
 
LVL 5

Expert Comment

by:icd
ID: 1831902
One way to do this is to not store the image with the same name every time. For example you could give it a random name and so any external links will fail when the name changes.

For example, store the image with the name "webcam847583.jpg". The script that displays this image will be able to determine the name of the file but scripts on other servers will not. (More on this later). If anyone links to this page then the link will fail when the next update from the webcam deletes "webcam847583.jpg" and creates a new random name of "webcam6736754.jpg" (for example).

You can use whatever random sequence you want, indeed it need not even be random, just increment the number each time you update the image will prevent anyone else from determining when the name changes.

The script that generates the page that has the image within it can do something like this at the point it needs to generate the html for the image link:-

opendir(IMG_DIR, "../img");
@allfiles = grep(/^webcam/, readdir(IMG_DIR));
closedir(IMG_DIR);
print "Latest Web Cam Image<br><img src=\"../img/";
print $allfiles[0]."\">\n";

So long as the script that generates the image ensures it deletes the old versions after it creates a new version then there will only be one file of the form "webcamXXXXXX.jpg" in the img directory.


0
 
LVL 5

Expert Comment

by:julio011597
ID: 1831903
If your images are published on the web, then there's no solution, since people will always be able to access and download them.

If, otherwise, users can only get your images through a CGI program, then the solution is quite simple (simpler than icd's one, i'm afraid).

Could you tell something more?
0
 
LVL 5

Expert Comment

by:icd
ID: 1831904
julio.

If I read the question correctly, it is not so much downloading the images but since this is a webcam tclark wants to prevent other pages embedding the webcam image within their own html pages. Rather like the way that newspaper sites try to prevent web sites embedding the 'comic of the day' in their own web page.

However, if I have mis-understood the problem, please present your own answer, tclark should reject my solution if s/he prefers yours.

0
MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

 
LVL 5

Expert Comment

by:julio011597
ID: 1831905
Sorry icd, i really didn't mean to offend anybody; maybe my English betrayes me sometimes.

I'm not posting a solution because i'm not sure about what the question is; the simpler solution i was thinking about is just reading the HTTP_REFERER env var.

Regards
0
 
LVL 5

Expert Comment

by:icd
ID: 1831906
no offence taken.

I also thought about the HTTP_REFERER but is it not the case that it does not work with the IE browser? I also thought it did  not work with images embedded inside an html document but now that I think about it again I am probably wrong.

0
 

Expert Comment

by:joseph4
ID: 1831907
i avoid http_referer because not all browsers support it, yes. in fact, i don't fight leeches with cgi at all: i use htaccess to deny any requests from outside my own subnet. if you're interested in that approach, let us know.
0
 

Author Comment

by:tclark
ID: 1831908
I have thought of the cgi solution, but once again what is to prevent someone from simply calling the CGI. How about using a SSI to pull it? I guess I'm trying to find a way to hide the location of the images.

Todd
0
 
LVL 3

Expert Comment

by:gwalters
ID: 1831909
I know cookies are not all that popular (though I see your site already uses them), but you could do this:

1) Set a cookie on a previous page.
2) Look for the cookie when serving the image (which would be referenced through a CGI).
3) If the cookie is there, serve the image, else serve a "go away" image.

Now, even if they figure out that it's a cookie, they can't set it, since your image request will be on a different domain.
0
 
LVL 8

Expert Comment

by:jhurst
ID: 1831910
Have a look at the page:

http://www.geocities.com/Pipeline/7284

It uses <img src=...> but
0
 
LVL 3

Expert Comment

by:gwalters
ID: 1831911

I thought we already agreed to stay away from "Referer".

BTW, it did work with Internet Explorer, but I beleive some proxies may strip out "Referer".


0
 
LVL 5

Expert Comment

by:julio011597
ID: 1831912
AFAIK, due to HTTP protocol itself, there's no absolute solution to your problem; that's why i keep thinking the HTTP_REFERER solutions is the best :)
0
 
LVL 1

Accepted Solution

by:
dbogstad earned 100 total points
ID: 1831913
A POSSIBLE solution might be to try a Multipart MIME format for your CGI output. Instead of using HTML tags to embed your image file in your html file, use a multipart MIME type so that the HTML file AND the image file are combined by the HTTP server and sent to the browser. THat way, anyone hitting your CGI script would necessarily receive YOUR web page. Subsequently, you would want to hide the image file and directory from public view.

Check out this URL: http://reference.nrcs.usda.gov/ietf/rfc/2200/rfc2112.htm

maybe something like this:


     Content-Type: Multipart/Related; boundary=example-1
             start="<_@_._>";
             type="text/html"
     --example-1
     Content-Type: text/html
     <HTML>
     <BODY>
     
     --example-1
     Content-Type: image/jpeg
     // Write file data here with CGI script
     --example-1--

     Content-Type: text/html
     </BODY>
     </HTML>

     --example-1--
0

Featured Post

Is Your DevOps Pipeline Leaking?

Is your CI/CD pipeline a hodge-podge of randomly connected tools? You’ve likely got a tool to fix one problem & then a different tool to fix another, resulting in a cluster of tools with overlapping functionality. Learn how to optimize your pipeline with Gartner's recommendations

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preface This is the third article about the EE Collaborative Login Project. A Better Website Login System (http://www.experts-exchange.com/A_2902.html) introduces the Login System and shows how to implement a login page. The EE Collaborative Logi…
This article covers the basics of the Sass, which is a CSS extension language. You will learn about variables, mixins, and nesting.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will receive an overview of the basics of CSS showing inline styles. In the head tags set up your style tags: (CODE) Reference the nav tag and set your properties.: (CODE) Set the reference for the UL element and styles for it to ensu…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question