[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

This is really tricky!!! Give me your lights!

Posted on 2004-10-27
12
Medium Priority
?
448 Views
Last Modified: 2012-06-27
We have develop a web site http://www.kefalonia-photos.com/

People can buy, shell photos .

----------------------
I have put lots of effort and lots of script to prevent  image toolbar , disable right click etc etc.

-----------------------
my only problem is that if someone right click on a photo (http://www.kefalonia-photos.com/default.asp)
from properties he gets image page   (e.g. http://www.kefalonia-photos.com/images/RIVER_small.jpg)

so if he play a little bit , at the end he will have this http://www.kefalonia-photos.com/images/RIVER.jpg

if you paste that http://www.kefalonia-photos.com/images/RIVER.jpg on IE it gives you the whole picture!!!!!!

------------------
so much effort for nothing!
---------------------------

Anyone has any ideas how i can prevent that ?

maybe with file permissions for folder images ???

pls tell me your opinion! Any different ideas will be more than welcome ...

-----------------
If possible , i don't want this question to be listed on a public area
thanks in advance
makis


0
Comment
Question by:msolomos
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +2
12 Comments
 
LVL 3

Expert Comment

by:nan1217
ID: 12426857
First of all, this is a public forum.

Secondly, you said you disabled right-clicking so how can users get the path by right-clicking?  

Thirdly, the only website I've seen that kept me from being able to get an image did a combination of things.  First of all, disable right-clicking.  Second, put the site in a frameset (with the top frame being just a pixel in height so it doesn't really take up space and appears invisible) so if they try to save the whole site, it just saves the top frame and not the one with the images.  This also keeps them from viewing the source of the page.
0
 

Author Comment

by:msolomos
ID: 12427304
oh thanks !

maybe i said it right ...

if they save the page .... they get the thumbs ...
playing a little bit ...trying some adress will get to /images
---------
retype my questions

can i prevent directly access to folder /images   and its contents ?

makis


0
 
LVL 3

Expert Comment

by:techjosh
ID: 12427648
If you want to secure your images don't rely on the browser to do it for you.  Most browsers can disable javascript altogether and some browsers (like Mozilla Firefox) can disble javascript which disables/changes the context menu.  Any html/javascript craftiness will only prevent uninformed people from stealing your images.

The solution to this problem is to use server side scripting to do the following:
- check a user's session variables to make sure they are authenticated
- lookup the image they are trying to view and see if they've purchased it.
- if the have then display the image.
- if they haven't, then watermark the image so that people can see what it looks like but can't actually use it (like with "www.kefalonia-photos.com" written across the image diagonally in big red semi-transparent letters) and display the watermarked image.

You'll need to do the following:
- move your images to a place that is not accessible to the internet so people can't reverse engineer the location and access it with a browser
- create a server side script in your favorite language (asp?) that returns the images after determining if the user has purchased the image and watermarked it if appropriate.
- change your <img> tags to point to the new script like this: <img src="image.asp?imageid=XXXXX">

Doing just a bit of googling I found this activex component which allows you to add text to images using asp:
http://www.xnview.com/

Using that component, the image.asp I mentioned above would look something like this:
-----------------------------------------------------------
<!-- #include file="authenticat.asp" --> <!-- Im not gonna try and figure out how you authenticate -->
<script language=vbscript runat=server>
  Function GetImage()
    Dim img, path

    ' the GetImageFile function should return the path and filename
    ' of the image specified by imageid
    path = GetImageFile(Request.Querystring("imageid"))

    set img = Server.CreateObject("GflAx.GflAx")
    img.LoadBitmap path

    If Not (IsAuthenticated AND UserOwns(Request.Querystring("imageid"))) Then
      ' watermark image

      img.FontName = "arial"
      img.FontSize = 13
      img.TextOut "www.kefalonia-photos.com", 5, 5, RGB(255, 0, 0)
    end if

    img.Saveformat = 3 ' JPEG

    Response.ContentType = "image/jpeg"
    Response.BinaryWrite img.SendBinary
  End Function
</script>
<% GetImage %>
--------------------------------------------------------------------------------------

Of course there is a lot of work that you'll have to do, such as authenticating users and verifying that they've purchased the image.  Also, you may want to look into other asp objects... I'm sure there is one out there that lets you have rotated text so it displays over the entire image...

Good luck!
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 5

Expert Comment

by:perezjos
ID: 12427864
Well,
disabling right clicking do not stop anyone to access the source or anything on a page . You can achieve the same from the tool menu item of your browser.

The problem is that you store the images with the syntax small_<name of the image>.

-You could store the image on a private forlder and access them with a script after payement on your secure site.
-You could send the image by email after payement and not store the images at all on your web site.
-You could you use a database and provide a url to get the picture after payement
-You could generate an error 404 if someone access the url as http://www.kefalonia-photos.com/images/RIVER.jpg and redirect the url to your payrmrnt page.....


 enough for today
regards
jose

0
 
LVL 12

Expert Comment

by:minichicken
ID: 12431899
Hi

To keep your images safe from people try to access it from the browser, you can store all your images outside the webroot directory. Once your images is outside the root directory people will not be able to access it or download it, as http://www.kefalonia-photos.com/ will only point to the root and nothing above it. In order to access it, you will need to run some server-side script, ASP or PHP.

I've got an example code here for PHP, if you are using it.

create a file called "download.php" with the following code in it.

<?
      $dir = "../images/"; //the directory is outside the web root folder, not accessible through web browsers
      $file=$dir.$_GET['file'];
      if (file_exists($file))
      {
         header("Content-type: application/force-download");
         header("Content-Transfer-Encoding: Binary");
         header("Content-length: ".filesize($file));
         header("Content-disposition: attachment; filename=".basename($file). "");
         readfile("$file");
      }
      else
      {
         echo "image does not exist";
      }
?>

on your download image link, you should have a path like this: http://www.kefalonia-photos.com/download.php?file=image_1.jpg
0
 

Author Comment

by:msolomos
ID: 12432025
guys i think you got in all wrong.
---------------
All the above answers is things that i already have done! (user authentication, server side scripting, database driven, watermark, disable right click)

------------------
I am repeating my question again .
--------------------
If someone from this link http://www.kefalonia-photos.com/type.asp?iType=78
save as web page

-------------
it saves all the photos to computer .

--------------
looking at photos he will get something    photo_small.jpg

----------------
so if he plays a little bit with Url of site etc etc he will go to www.kefalonia-photos.com/images/photo.jpg    (directly and get the whole photo intact!

-----------------
My question is : Is there any way you can prevent the access to http://www.kefalonia-photos.com/images/file.jpg   DIRECTLY ???

if this is done , then i am 100% accurate that no one can take the photos. But i need to prevent this

0
 
LVL 12

Accepted Solution

by:
minichicken earned 672 total points
ID: 12432151
As I said in my previous post, if you keep your image files outside your webroot (that is outside http://www.kefalonia-photos.com), the user will not be able to access it. Therefore it's protected from downloading the image by entering the direct URL. There is no way to access the image file, if you keep it outside the root directory using a web browser, you can access it with other apps, like FTP, but with browser, i doubt it.

The thing is that you need to use some server-side language. If you not using a server-side language like PHP, then please ignore this post, thanks :)
0
 
LVL 3

Expert Comment

by:nan1217
ID: 12433408
This product works with IIS to prevent direct linking to images.  $29.95.  http://www.dashtech.com/products/imgblock/

This ASP code will automatically redirect to another image if the request doesn't come from your website.  http://www.aspfaq.com/show.asp?id=2276

Some other miscellaneous ways of protecting your images.  Notice this site points out that there is no way to 100% protect your images but you can do things to make it more difficult.  http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=41
0
 
LVL 3

Assisted Solution

by:techjosh
techjosh earned 664 total points
ID: 12437276
I'm not sure you understand the suggestion thats been given to you by three different people: myself, perezjos, and minichicken.  That suggestion is that you store the images on the webserver in a place that they aren't accessible to the web.  For example: if you are using ASP on IIS your web root is probably somwhere like c:\Inetpub\wwwroot.  Your default.asp file would be in that directory... it would effectively be the root of your web site.  Now, if you place your photos OUTSIDE that directy... like in c:\Inetpub\ProtectedImages, they wouldn't be available to the internet, but your server side scripts could still access them.  By creating a server side script that knows when a user is logged in and if he has purchased an image you can control when your users see those images if at all.

I realize that your question is simply "Is there any way you can prevent the access to http://www.kefalonia-photos.com/images/file.jpg   DIRECTLY", and while you can disable the read permissions of that folder in IIS I have to wonder what good it would do you.  If you really just wanted to prevent access to those files and you have no need for them to ever be displayed on your site then why have them on there at all.

You cannot prevent people from viewing your images without controlling who sees them using a server side script if you ever want to display them online.  I surmize that you do need to display them on your site at some point, and to that end my first comment describes one way you can do that while controlling who sees the image and even providing a way to give a watermarked preview of the image to those who aren't supposed to see the image.  minichicken's comment provides a similar PHP example and his is better if you want to provide an Image download link, although I believe that the rest of your site is in ASP so my example may be easier to understand.
0
 
LVL 5

Assisted Solution

by:perezjos
perezjos earned 664 total points
ID: 12437877
Hello, still looking ?ok

iADODB.Recordset error '800a0bcd'

Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.

/inc_type.asp, line 192

this is from you web site. So you or your provider, freedom 2 design, are using IIS and a database. But YOUR IMAGES ARE STORED IN A DIRECTORY called images and  is part of you web structure. It' looks like you are storing only a pointer to the image on the db. Have  you designed that web ? If yes you should understand what we try to explain or you get payed every time we click on one of your links (;-)). Just kidding right ?
Please please , move the files OUTSIDE your web structure and let your script load and send it in binary mode to the client.
regards
jose




0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What is Node.js? Node.js is a server side scripting language much like PHP or ASP but is used to implement the complete package of HTTP webserver and application framework. The difference is that Node.js’s execution engine is asynchronous and event…
Styling your websites can become very complex. Here I'll show how SASS can help you better organize, maintain and reuse your CSS code.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question