Solved

This is really tricky!!! Give me your lights!

Posted on 2004-10-27
446 Views
Last Modified: 2012-06-27
We have develop a web site http://www.kefalonia-photos.com/

People can buy, shell photos .

----------------------
I have put lots of effort and lots of script to prevent  image toolbar , disable right click etc etc.

-----------------------
my only problem is that if someone right click on a photo (http://www.kefalonia-photos.com/default.asp)
from properties he gets image page   (e.g. http://www.kefalonia-photos.com/images/RIVER_small.jpg)

so if he play a little bit , at the end he will have this http://www.kefalonia-photos.com/images/RIVER.jpg

if you paste that http://www.kefalonia-photos.com/images/RIVER.jpg on IE it gives you the whole picture!!!!!!

------------------
so much effort for nothing!
---------------------------

Anyone has any ideas how i can prevent that ?

maybe with file permissions for folder images ???

pls tell me your opinion! Any different ideas will be more than welcome ...

-----------------
If possible , i don't want this question to be listed on a public area
thanks in advance
makis


0
Question by:msolomos
    10 Comments
     
    LVL 3

    Expert Comment

    by:nan1217
    First of all, this is a public forum.

    Secondly, you said you disabled right-clicking so how can users get the path by right-clicking?  

    Thirdly, the only website I've seen that kept me from being able to get an image did a combination of things.  First of all, disable right-clicking.  Second, put the site in a frameset (with the top frame being just a pixel in height so it doesn't really take up space and appears invisible) so if they try to save the whole site, it just saves the top frame and not the one with the images.  This also keeps them from viewing the source of the page.
    0
     

    Author Comment

    by:msolomos
    oh thanks !

    maybe i said it right ...

    if they save the page .... they get the thumbs ...
    playing a little bit ...trying some adress will get to /images
    ---------
    retype my questions

    can i prevent directly access to folder /images   and its contents ?

    makis


    0
     
    LVL 3

    Expert Comment

    by:techjosh
    If you want to secure your images don't rely on the browser to do it for you.  Most browsers can disable javascript altogether and some browsers (like Mozilla Firefox) can disble javascript which disables/changes the context menu.  Any html/javascript craftiness will only prevent uninformed people from stealing your images.

    The solution to this problem is to use server side scripting to do the following:
    - check a user's session variables to make sure they are authenticated
    - lookup the image they are trying to view and see if they've purchased it.
    - if the have then display the image.
    - if they haven't, then watermark the image so that people can see what it looks like but can't actually use it (like with "www.kefalonia-photos.com" written across the image diagonally in big red semi-transparent letters) and display the watermarked image.

    You'll need to do the following:
    - move your images to a place that is not accessible to the internet so people can't reverse engineer the location and access it with a browser
    - create a server side script in your favorite language (asp?) that returns the images after determining if the user has purchased the image and watermarked it if appropriate.
    - change your <img> tags to point to the new script like this: <img src="image.asp?imageid=XXXXX">

    Doing just a bit of googling I found this activex component which allows you to add text to images using asp:
    http://www.xnview.com/

    Using that component, the image.asp I mentioned above would look something like this:
    -----------------------------------------------------------
    <!-- #include file="authenticat.asp" --> <!-- Im not gonna try and figure out how you authenticate -->
    <script language=vbscript runat=server>
      Function GetImage()
        Dim img, path

        ' the GetImageFile function should return the path and filename
        ' of the image specified by imageid
        path = GetImageFile(Request.Querystring("imageid"))

        set img = Server.CreateObject("GflAx.GflAx")
        img.LoadBitmap path

        If Not (IsAuthenticated AND UserOwns(Request.Querystring("imageid"))) Then
          ' watermark image

          img.FontName = "arial"
          img.FontSize = 13
          img.TextOut "www.kefalonia-photos.com", 5, 5, RGB(255, 0, 0)
        end if

        img.Saveformat = 3 ' JPEG

        Response.ContentType = "image/jpeg"
        Response.BinaryWrite img.SendBinary
      End Function
    </script>
    <% GetImage %>
    --------------------------------------------------------------------------------------

    Of course there is a lot of work that you'll have to do, such as authenticating users and verifying that they've purchased the image.  Also, you may want to look into other asp objects... I'm sure there is one out there that lets you have rotated text so it displays over the entire image...

    Good luck!
    0
     
    LVL 5

    Expert Comment

    by:perezjos
    Well,
    disabling right clicking do not stop anyone to access the source or anything on a page . You can achieve the same from the tool menu item of your browser.

    The problem is that you store the images with the syntax small_<name of the image>.

    -You could store the image on a private forlder and access them with a script after payement on your secure site.
    -You could send the image by email after payement and not store the images at all on your web site.
    -You could you use a database and provide a url to get the picture after payement
    -You could generate an error 404 if someone access the url as http://www.kefalonia-photos.com/images/RIVER.jpg and redirect the url to your payrmrnt page.....


     enough for today
    regards
    jose

    0
     
    LVL 12

    Expert Comment

    by:minichicken
    Hi

    To keep your images safe from people try to access it from the browser, you can store all your images outside the webroot directory. Once your images is outside the root directory people will not be able to access it or download it, as http://www.kefalonia-photos.com/ will only point to the root and nothing above it. In order to access it, you will need to run some server-side script, ASP or PHP.

    I've got an example code here for PHP, if you are using it.

    create a file called "download.php" with the following code in it.

    <?
          $dir = "../images/"; //the directory is outside the web root folder, not accessible through web browsers
          $file=$dir.$_GET['file'];
          if (file_exists($file))
          {
             header("Content-type: application/force-download");
             header("Content-Transfer-Encoding: Binary");
             header("Content-length: ".filesize($file));
             header("Content-disposition: attachment; filename=".basename($file). "");
             readfile("$file");
          }
          else
          {
             echo "image does not exist";
          }
    ?>

    on your download image link, you should have a path like this: http://www.kefalonia-photos.com/download.php?file=image_1.jpg
    0
     

    Author Comment

    by:msolomos
    guys i think you got in all wrong.
    ---------------
    All the above answers is things that i already have done! (user authentication, server side scripting, database driven, watermark, disable right click)

    ------------------
    I am repeating my question again .
    --------------------
    If someone from this link http://www.kefalonia-photos.com/type.asp?iType=78
    save as web page

    -------------
    it saves all the photos to computer .

    --------------
    looking at photos he will get something    photo_small.jpg

    ----------------
    so if he plays a little bit with Url of site etc etc he will go to www.kefalonia-photos.com/images/photo.jpg    (directly and get the whole photo intact!

    -----------------
    My question is : Is there any way you can prevent the access to http://www.kefalonia-photos.com/images/file.jpg   DIRECTLY ???

    if this is done , then i am 100% accurate that no one can take the photos. But i need to prevent this

    0
     
    LVL 12

    Accepted Solution

    by:
    As I said in my previous post, if you keep your image files outside your webroot (that is outside http://www.kefalonia-photos.com), the user will not be able to access it. Therefore it's protected from downloading the image by entering the direct URL. There is no way to access the image file, if you keep it outside the root directory using a web browser, you can access it with other apps, like FTP, but with browser, i doubt it.

    The thing is that you need to use some server-side language. If you not using a server-side language like PHP, then please ignore this post, thanks :)
    0
     
    LVL 3

    Expert Comment

    by:nan1217
    This product works with IIS to prevent direct linking to images.  $29.95.  http://www.dashtech.com/products/imgblock/

    This ASP code will automatically redirect to another image if the request doesn't come from your website.  http://www.aspfaq.com/show.asp?id=2276

    Some other miscellaneous ways of protecting your images.  Notice this site points out that there is no way to 100% protect your images but you can do things to make it more difficult.  http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=41
    0
     
    LVL 3

    Assisted Solution

    by:techjosh
    I'm not sure you understand the suggestion thats been given to you by three different people: myself, perezjos, and minichicken.  That suggestion is that you store the images on the webserver in a place that they aren't accessible to the web.  For example: if you are using ASP on IIS your web root is probably somwhere like c:\Inetpub\wwwroot.  Your default.asp file would be in that directory... it would effectively be the root of your web site.  Now, if you place your photos OUTSIDE that directy... like in c:\Inetpub\ProtectedImages, they wouldn't be available to the internet, but your server side scripts could still access them.  By creating a server side script that knows when a user is logged in and if he has purchased an image you can control when your users see those images if at all.

    I realize that your question is simply "Is there any way you can prevent the access to http://www.kefalonia-photos.com/images/file.jpg   DIRECTLY", and while you can disable the read permissions of that folder in IIS I have to wonder what good it would do you.  If you really just wanted to prevent access to those files and you have no need for them to ever be displayed on your site then why have them on there at all.

    You cannot prevent people from viewing your images without controlling who sees them using a server side script if you ever want to display them online.  I surmize that you do need to display them on your site at some point, and to that end my first comment describes one way you can do that while controlling who sees the image and even providing a way to give a watermarked preview of the image to those who aren't supposed to see the image.  minichicken's comment provides a similar PHP example and his is better if you want to provide an Image download link, although I believe that the rest of your site is in ASP so my example may be easier to understand.
    0
     
    LVL 5

    Assisted Solution

    by:perezjos
    Hello, still looking ?ok

    iADODB.Recordset error '800a0bcd'

    Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.

    /inc_type.asp, line 192

    this is from you web site. So you or your provider, freedom 2 design, are using IIS and a database. But YOUR IMAGES ARE STORED IN A DIRECTORY called images and  is part of you web structure. It' looks like you are storing only a pointer to the image on the db. Have  you designed that web ? If yes you should understand what we try to explain or you get payed every time we click on one of your links (;-)). Just kidding right ?
    Please please , move the files OUTSIDE your web structure and let your script load and send it in binary mode to the client.
    regards
    jose




    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    SASS allows you to treat your CSS code in a more OOP way. Let's have a look on how you can structure your code in order for it to be easily maintained and reused.
    Have you tried to learn about Unicode, UTF-8, and multibyte text encoding and all the articles are just too "academic" or too technical? This article aims to make the whole topic easy for just about anyone to understand.
    The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…
    The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

    934 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now