[opensuse] Re: protecting online images
Le 28/12/2009 14:25, Felix Miata a écrit :
On 2009/12/28 08:48 (GMT+0100) jdd-gmane composed:
I try to protect some online images.
You can't. For a site visitor to see them the browser has to first fetch them. Once fetched, there's no way to prevent saving locally. You can make it more difficult for the clueless to do, but anyone with more than nominal browsing experience will probably know or find a way around your attempts.
I may not have been clear. Visitor can and have to be allowed to save the displayed image. But on a list of images, some are private, some public and the names are mostly sequential, so one can change the name on the public URL window and dl the private ones. for example public: image_100023.jpg private image_100027.jpg it's pretty easy to try 23, 24, 25, 26 and find 27 (I already did this myself on some circomstances :-) I added on my generation script this: (for I loop) ran="-$RANDOM-" ; rename "." "$ran." $I ; like this the image names become image_100023-1589-.jpg image_100027-5376-.jpg like this I still can identify the image, but the full name is much more difficult to guess I know it's not impossible to crack, given enough time, but will the robots make such attempts?? I can randomize twice, but is this necessary (it takes time)? thanks jdd -- http://www.dodin.net http://valerie.dodin.org http://news.opensuse.org/2009/04/13/people-of-opensuse-jean-daniel-dodin/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
I don't know what language you are using, but what about storing the images on a database and then parsing them out through a php/perl/python script of somesort? On 12/28/2009 6:41 AM, jdd-gmane wrote:
Le 28/12/2009 14:25, Felix Miata a écrit :
On 2009/12/28 08:48 (GMT+0100) jdd-gmane composed:
I try to protect some online images.
You can't. For a site visitor to see them the browser has to first fetch them. Once fetched, there's no way to prevent saving locally. You can make it more difficult for the clueless to do, but anyone with more than nominal browsing experience will probably know or find a way around your attempts.
I may not have been clear.
Visitor can and have to be allowed to save the displayed image.
But on a list of images, some are private, some public and the names are mostly sequential, so one can change the name on the public URL window and dl the private ones. for example
public:
image_100023.jpg
private
image_100027.jpg
it's pretty easy to try 23, 24, 25, 26 and find 27 (I already did this myself on some circomstances :-)
I added on my generation script this:
(for I loop)
ran="-$RANDOM-" ; rename "." "$ran." $I ;
like this the image names become
image_100023-1589-.jpg image_100027-5376-.jpg
like this I still can identify the image, but the full name is much more difficult to guess
I know it's not impossible to crack, given enough time, but will the robots make such attempts??
I can randomize twice, but is this necessary (it takes time)?
thanks jdd
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 28 December 2009 14:41:22 jdd-gmane wrote:
Le 28/12/2009 14:25, Felix Miata a écrit :
On 2009/12/28 08:48 (GMT+0100) jdd-gmane composed:
I try to protect some online images.
You can't. For a site visitor to see them the browser has to first fetch them. Once fetched, there's no way to prevent saving locally. You can make it more difficult for the clueless to do, but anyone with more than nominal browsing experience will probably know or find a way around your attempts.
I may not have been clear.
Visitor can and have to be allowed to save the displayed image.
But on a list of images, some are private, some public and the names are mostly sequential, so one can change the name on the public URL window and dl the private ones. for example
public:
image_100023.jpg
private
image_100027.jpg
it's pretty easy to try 23, 24, 25, 26 and find 27 (I already did this myself on some circomstances :-)
I added on my generation script this:
(for I loop)
ran="-$RANDOM-" ; rename "." "$ran." $I ;
like this the image names become
image_100023-1589-.jpg image_100027-5376-.jpg
like this I still can identify the image, but the full name is much more difficult to guess
I know it's not impossible to crack, given enough time, but will the robots make such attempts??
I can randomize twice, but is this necessary (it takes time)?
thanks jdd
-- http://www.dodin.net http://valerie.dodin.org http://news.opensuse.org/2009/04/13/people-of-opensuse-jean-daniel-dodin/
Do you store them in the same folder??? Why not protect the private ones with a stronger login? Make a authenticated user account to use for the private ones. And maybe encrypt them with gpg perhaps? Only those with the right passkey can devrypt and view+ -- /Rikard Johnels
I found this script from one of my ecommerce packages I've tested. In .htaccess file RewriteEngine On # Stop image theft RewriteCond %{HTTP_REFERER} !^http://(.+\.)?hechlerpianoandorgan\.com/ [NC] RewriteCond %{HTTP_REFERER} !^$ RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F] -------------- Duaine -- Duaine Hechler Piano, Player Piano, Pump Organ Tuning, Servicing & Rebuilding Reed Organ Society Member Florissant, MO 63034 (314) 838-5587 dahechler@att.net www.hechlerpianoandorgan.com -- Home & Business user of Linux - 10 years -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (4)
-
Duaine Hechler -
jdd-gmane -
John Meyer -
Rikard Johnels