Solved

Protect valuable images

Posted on 2007-04-09
7
251 Views
Last Modified: 2008-06-08
Hi,

I am working on a website where I need the images to be stored in a secured/password protected folder so as visitors cannot view/save the image by right click or directly entering the path of image in URL. The images should be only accessible through the applications search page. This website is built in php. I hope I am able to explain my problem. Eagerly waiting for the reply.

Harsh
0
Comment
Question by:navtarainc
7 Comments
 
LVL 15

Accepted Solution

by:
Tomeeboy earned 125 total points
ID: 18876148
This shouldn't be too much of a problem.  You could use .htaccess, but I think a better solution would be to store these image files in a folder OUTSIDE of the home directory for your website.  This way, they cannot be accessed by Apache (so somebody cannot simply type the URL in and bring them up in a web browser), and can only be accessed by a PHP script that loads the images.

If you only want the images viewed through the applications search page, then that's the only place where you need to insert code that will display the images.  However, once an image is displayed to a user in a web browser, there's really no stopping them from copying it.  The best method there (if these are images that need protecting even after they are viewed with the search page) would be to put a watermark on them that cannot be easily removed.
0
 
LVL 15

Expert Comment

by:Tomeeboy
ID: 18876319
A quick example of displaying the image in PHP via your script.  For this example, let's say that you've stored your images in  /usr/home/navtarainc/ (a directory not accessible via the web).  Now, let's pull up test_image.jpg from that folder, using PHP:

<?php

$image_path = "/usr/home/navtarainc/";
$image_name = "test_image.jpg";

header("Content-type: image/jpeg");
readfile("$image_path.$image_name");

?>

If you're working with multiple types of images, you'll need to set the headers accordingly.  You can do something like this to determine the file type:

<?php

$ext = substr($image_name, -3);

switch ($ext) {
case "jpg":
     header("Content-type: image/jpeg");
     break;
case "gif":
     header("Content-type: image/jpeg");
     break;
}

?>

You can add more extension to the switch statement if you need to (make sure to order the statement by whichever image types are going to be most common, so that it's as efficient as possible).  Hope that helps!
0
 
LVL 50

Assisted Solution

by:Steve Bink
Steve Bink earned 125 total points
ID: 18878218
SSL will most certainly do the trick for protecting the files.  Tomeeboy's strategy provides an additional layer of protection normally used for sensitive information, like db connection info.  If you go with an external dir, you may need to pay attention to your PHP's open_basedir and safe_mode settings.  Check here for more information:

http://www.php.net/manual/en/features.safe-mode.php

Even so, once you display the picture, the user will still be able to right-click and save.  You can override that with some javascript, but that still depends on the user enabling it.  Microsoft did something similar with the Office Online clipart library.  Maybe you can get some ideas there:

http://office.microsoft.com/en-us/clipart/default.aspx
0
 
LVL 15

Assisted Solution

by:samri
samri earned 125 total points
ID: 18880902
hi navtarainc / all,

I would agree with above comments.  However, once the the image is displayed on user browser session, the image is practically exist somewhere on user machine (memory, or cache), and it would be possible for the user/client to copy that image.  

The javascript would disble the right-click button, but it would still be possible to do "File | Save as".

There is a classic "image-theft" protection - http://httpd.apache.org/docs/1.3/misc/FAQ.html#image-theft

that would display the image, it it was linked by your own website.  Howeve, it would still be possible to "hack" the REFERER header (in HTTP request).

good luck.

cheers.
0
 
LVL 27

Assisted Solution

by:Nopius
Nopius earned 125 total points
ID: 18886373
navtarainc, hi.

1) What about "so as visitors cannot view/save the image by right click", this feature is usually done with a javascript: http://javascript.internet.com/page-details/disable-images-click.html
You are not completely protected, since image is already in browser's cache (as and smart user still can 'save' such image. Here I agree with Tomboy, you may place a watermark with your website address on your images to provide some kind of protection.

2) What about 'or directly entering the path of image in URL. The images should be only accessible through the applications search page.', that's completely another case, that can be done  on a server side.
What I suggest is an 'image wrapper' - a PHP script that shows images. Scenario is the following: when submitting a 'search' your 'search.php' provides a session cookie to browser and stores this cookie in some database, call it 'session db'. Your image wrapper that should show an image, in html code looks like  '<img src=wrapper.php?id=lala>'. It should also check browser's cookie in your 'session db' if they match - it shows an image (it may map id=lala to some filename outside of www docroot, and it write it directly to stdout), after it (wrapper.php) resets this cookie and deletes it from 'session db' (so that user cannot see more files with the same search).
I guess you grasp an idea.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Adding Extra Information box 4 25
PHP Sum Column in Table 3 27
Google Chrome Notifications 2 26
uploading multiple image with php 14 17
If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
This article discusses four methods for overlaying images in a container on a web page
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now