How to protect your Images folder?

Hi,

NB, not to stop capturing the single displayed Image, but to stop downloading
the entire image directory.
(In my Website you will do a search, and get some thumbnails, and these can be
enlarged one by one).

This topic seems to be frequent.
Some say that you under no circumstances can protect your images, others seem
to have preventing solutions.
Some say that everything uploaded to your web server can be taken down, others
manage to hide files.

As far as I understand so far I have an idea that the following might work.
Please guide me!

My Web provider has given me a space which has a Root folder, and below it is
the WebSiteRoot, which contains my website. The Root folder should not be
available for Web users. There I for instance put my Access DB (accessed through
ODBC). I have FTP access to this space.

So, I would like to put my Image folder in the Root folder, and have my Provider
make it a Virtual Directory in IIS, with an Alias name, and with No Browse
permissions (I hope that does not stop me from seeing it in my FTP program...),
but Write permission (for me to upload to it), Read permission (for the Web to get
the images), and with Anonymous Access set off.

Then I can refer to this Virtual Directory from inside my Website, using the
Alias name.
And in IMG SRC you may see the (alias) URL to this Virtual Directory, but an
outside user should not be able to access it.

Could this stop a user from downloading any images from my Image-folder?
Even if they are using some sort of ripoff utility?

(Or should I have to take a step further and ADO stream the image to the
htm-page through an ASP page in order to hide the URL completely?)

(And also, IF the ASP pages are invisible to the browser - could I hide my
images by renaming my .jpg-files to .asp-files? - I mean, the browser gladly
displays the image even if it is called .asp).

Thanks
Larry

Jul 19 '05 #1
LarryM wrote on 04 aug 2003 in microsoft.public.inetserver.asp.general:
> NB, not to stop capturing the single displayed Image, but to stop
> downloading the entire image directory.


you can fool some people all the time
you can fool all people some time
but ....

Anything that is downloadable into the browser can be copied.

So keeping ALL directories on your asp site non browsable is imperative but
finally security-wise useless. Only image files you do not download and
give an unguessable name are relatively safe. However, what is the use
having those on site anyway?
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Jul 19 '05 #2
On 04 Aug 2003 17:02:23 GMT, "Evertjan." <ex**************@interxnl.net> wrote:
> LarryM wrote on 04 aug 2003 in microsoft.public.inetserver.asp.general:
>> NB, not to stop capturing the single displayed Image, but to stop
>> downloading the entire image directory.
>
> Anything that is downloadable into the browser can be copied.

I don't contradict that..

Maybe I was unclear.
The question is if an imagefile displayed in this way is downloadable directly
from the directory?

Larry

Jul 19 '05 #3
LarryM wrote on 04 aug 2003 in microsoft.public.inetserver.asp.general:
> On 04 Aug 2003 17:02:23 GMT, "Evertjan."
> <ex**************@interxnl.net> wrote:
>> LarryM wrote on 04 aug 2003 in
>> microsoft.public.inetserver.asp.general:
>>> NB, not to stop capturing the single displayed Image, but to stop
>>> downloading the entire image directory.
>>
>> Anything that is downloadable into the browser can be copied.
>
> I don't contradict that..
>
> Maybe I was unclear.
> The question is if an imagefile displayed in this way is downloadable
> directly from the directory?

Yes, if you know its name.

You could hinder that by using an .asp intermediate file that looks at the
referrer name, but once displayed in a browser, it has a copy in the
client's tempfiles.
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Jul 19 '05 #4
On 04 Aug 2003 19:44:59 GMT, "Evertjan." <ex**************@interxnl.net> wrote:
> LarryM wrote on 04 aug 2003 in microsoft.public.inetserver.asp.general:
>> On 04 Aug 2003 17:02:23 GMT, "Evertjan."
>> <ex**************@interxnl.net> wrote:
>>> LarryM wrote on 04 aug 2003 in
>>> microsoft.public.inetserver.asp.general:
>>>> NB, not to stop capturing the single displayed Image, but to stop
>>>> downloading the entire image directory.
>>>
>>> Anything that is downloadable into the browser can be copied.
>>
>> I don't contradict that..
>>
>> Maybe I was unclear.
>> The question is if an imagefile displayed in this way is downloadable
>> directly from the directory?
>
> Yes, if you know its name.

Is then also ANY virtual directory (outside the default website) or ANY
directory on the Server Computer open for any user as long as you know or can
guess its name (and put in an URL)?
Is it just a matter of guessing any directory and filename on a server, and then
you can download it??

> You could hinder that by using an .asp intermediate file that looks at the
> referrer name, but once displayed in a browser, it has a copy in the
> client's tempfiles.

I say it again: This is not about stopping the image once it has been displayed
in the browser, not much you can do about that!
It is about stopping bulk download of the entire image directory!

So you mean that I have no other option than to go the step which I also
mentioned: ADO stream the imagefile through an asp-file?

/Larry
Jul 19 '05 #5
LarryM wrote on 04 aug 2003 in microsoft.public.inetserver.asp.general:
>> Yes, if you know its name.
>
> Is then also ANY virtual directory (outside the default website) or
> ANY directory on the Server Computer open for any user as long as you
> know or can guess its name (and put in an URL)?
> Is it just a matter of guessing any directory and filename on a
> server, and then you can download it??
>
>> You could hinder that by using an .asp intermediate file that looks at
>> the referrer name, but once displayed in a browser, it has a copy in
>> the client's tempfiles.
>
> I say it again: This is not about stopping the image once it has been
> displayed in the browser, not much you can do about that!
> It is about stopping bulk download of the entire image directory!
>
> So you mean that I have no other option than to go the step which I
> also mentioned: ADO stream the imagefile through an asp-file?

Well, in my rented virtual machine, the cgi-bin is not accessible for
nonexecutables from outer space. So a directory /cgi-bin/images/ is only
accessible through ADO or scripting-host. The same is true for any normal
website directory, where you can keep the name secret, as long as you
have http-directory browsing off.

So /images/secretpathqwerty6284675/myimg.jpg is secret as long as you do
not point to it in any clientside script, but use myimg.asp to fetch it.

In myimg.asp I would put something like this:

<%
' Refuse the request unless it was referred from the index page
If Request.ServerVariables("HTTP_REFERER") <> "http://mysite.org/index.asp" Then Response.End

Set fs = Server.CreateObject("Scripting.FileSystemObject")
' MapPath returns a string, so it is assigned without Set
pt = Server.MapPath("/images/secretpathqwerty6284675/")
' etc.
%>
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Jul 19 '05 #6
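
The intermediate myimg.asp idea from the post above, carried further as an added example (not code posted by anyone in this thread): the page streams the file with ADODB.Stream from a folder outside the web root and serves only ids that a search result has already shown in the current session. IMAGE_DIR, the "id" parameter and Session("shown") are assumptions made for the illustration.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' myimg.asp - added example. Streams one JPEG from a folder outside the web root.
' Hypothetical names: IMAGE_DIR, the "id" parameter, Session("shown").
' search.asp is assumed to append "|<id>|" to Session("shown") for each
' thumbnail it renders, so only images already shown to this visitor are served.
Const IMAGE_DIR = "D:\CustomerRoot\Images\"   ' placeholder path, not under WebSiteRoot
Const adTypeBinary = 1

Sub Deny()
    ' Same answer for every failure, so the response reveals nothing about what exists
    Response.Status = "404 Not Found"
    Response.End
End Sub

Dim id, re, fso, path, stm
id = Request.QueryString("id")

' 1. Accept digits only, so the value can never contain "..", "\" or "/".
Set re = New RegExp
re.Pattern = "^[0-9]{1,9}$"
If Not re.Test(id) Then Deny

' 2. Serve only ids that a search result issued in this session.
If InStr(1, Session("shown"), "|" & id & "|", vbBinaryCompare) = 0 Then Deny

' 3. Referer check as in the post above. The header is sent by the client,
'    so this only hinders hot-linking; steps 1 and 2 are the real gate.
If InStr(1, Request.ServerVariables("HTTP_REFERER"), "http://mysite.org/", vbTextCompare) <> 1 Then Deny

' 4. Build the physical path from the validated id and confirm the file exists.
path = IMAGE_DIR & id & ".jpg"
Set fso = Server.CreateObject("Scripting.FileSystemObject")
If Not fso.FileExists(path) Then Deny

' 5. Stream the bytes; the browser never sees a URL that maps to the folder.
Set stm = Server.CreateObject("ADODB.Stream")
stm.Type = adTypeBinary
stm.Open
stm.LoadFromFile path
Response.ContentType = "image/jpeg"
Response.BinaryWrite stm.Read
stm.Close
%>
```

The account IIS runs the page under needs NTFS read access to the image folder; no virtual directory or alias is involved, because the script reads the file from disk itself.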
On 04 Aug 2003 22:15:51 GMT, "Evertjan." <ex**************@interxnl.net> wrote:
> LarryM wrote on 04 aug 2003 in microsoft.public.inetserver.asp.general:
>>> Yes, if you know its name.
>>
>> Is then also ANY virtual directory (outside the default website) or
>> ANY directory on the Server Computer open for any user as long as you
>> know or can guess its name (and put in an URL)?
>> Is it just a matter of guessing any directory and filename on a
>> server, and then you can download it??
>>
>>> You could hinder that by using an .asp intermediate file that looks at
>>> the referrer name, but once displayed in a browser, it has a copy in
>>> the client's tempfiles.
>>
>> I say it again: This is not about stopping the image once it has been
>> displayed in the browser, not much you can do about that!
>> It is about stopping bulk download of the entire image directory!
>>
>> So you mean that I have no other option than to go the step which I
>> also mentioned: ADO stream the imagefile through an asp-file?
>
> Well, in my rented virtual machine, the cgi-bin is not accessible for
> nonexecutables from outer space. So a directory /cgi-bin/images/ is only
> accessible through ADO or scripting-host. The same is true for any normal
> website directory, where you can keep the name secret, as long as you
> have http-directory browsing off.
>
> So /images/secretpathqwerty6284675/myimg.jpg is secret as long as you do
> not point to it in any clientside script, but use myimg.asp to fetch it.
>
> In myimg.asp I would put something like this:
>
> <%
> ' Refuse the request unless it was referred from the index page
> If Request.ServerVariables("HTTP_REFERER") <> "http://mysite.org/index.asp" Then Response.End
>
> Set fs = Server.CreateObject("Scripting.FileSystemObject")
> ' MapPath returns a string, so it is assigned without Set
> pt = Server.MapPath("/images/secretpathqwerty6284675/")
> ' etc.
> %>


Thanks Evertjan!
Have I got this right:
If somebody CAN guess that you have a directory
"/images/secretpathqwerty6284675/", is it then open for access
for this person, no matter where the directory is situated?
(I am thinking of outside or inside 'the default website').
Is it just a matter of knowing the name of the directory to get access to it?

I am glad that you can bear with my questions, it seems to take a long time for
me to understand the systems..
/Larry

Jul 19 '05 #7
Larry,

The only way that images can be downloaded (bulk or otherwise) is if the
downloader knows the URL to each image. Since you have disabled "browse" in
IIS for that directory there is no way for a download program to reliably
determine the URLs unless you have links to them embedded in a page that the
program could parse to get the paths.

--
Mark Schupp
--
Head of Development
Integrity eLearning
Online Learning Solutions Provider
ms*****@ielearning.com
http://www.ielearning.com
714.637.9480 x17
"LarryM" <lm****@telia.com> wrote in message
news:4m********************************@4ax.com...
> On 04 Aug 2003 19:44:59 GMT, "Evertjan." <ex**************@interxnl.net> wrote:
>> LarryM wrote on 04 aug 2003 in microsoft.public.inetserver.asp.general:
>>> On 04 Aug 2003 17:02:23 GMT, "Evertjan."
>>> <ex**************@interxnl.net> wrote:
>>>> LarryM wrote on 04 aug 2003 in
>>>> microsoft.public.inetserver.asp.general:
>>>>> NB, not to stop capturing the single displayed Image, but to stop
>>>>> downloading the entire image directory.
>>>>
>>>> Anything that is downloadable into the browser can be copied.
>>>
>>> I don't contradict that..
>>>
>>> Maybe I was unclear.
>>> The question is if an imagefile displayed in this way is downloadable
>>> directly from the directory?
>>
>> Yes, if you know its name.
>
> Is then also ANY virtual directory (outside the default website) or ANY
> directory on the Server Computer open for any user as long as you know or
> can guess its name (and put in an URL)?
> Is it just a matter of guessing any directory and filename on a server,
> and then you can download it??
>
>> You could hinder that by using an .asp intermediate file that looks at
>> the referrer name, but once displayed in a browser, it has a copy in the
>> client's tempfiles.
>
> I say it again: This is not about stopping the image once it has been
> displayed in the browser, not much you can do about that!
> It is about stopping bulk download of the entire image directory!
>
> So you mean that I have no other option than to go the step which I also
> mentioned: ADO stream the imagefile through an asp-file?
>
> /Larry

Jul 19 '05 #8
Serving Dynamic Images from Static Web Pages - 5/24/2000
http://www.4guysfromrolla.com/webtech/052400-1.shtml

Best regards,
J. Paul Schmidt, Freelance ASP Web Developer
http://www.Bullschmidt.com
ASP Design Tips, ASP Web Database Demo, Free ASP Bar Chart Tool...
Jul 19 '05 #9
thanks, all ..
/Larry

Jul 19 '05 #10
