PDA

View Full Version : Image Converyor Belt - secured?



afexTHC
06-29-2006, 03:55 AM
I have tried several of the popular image protection methods, but all of them seem to break the conveyor belt. If i can get this one locked i have another slideshow that uses a different JS that also needs to be locked down.

This site is for a photographer, so he is very concerned about the security of his images, and not satisfied by just watermarking.

I have modified the script to grab the contents of a folder and populate the script with the image names.

Here is a link to the site.
http://www.photosbymk.com

I hope someone can help me out here.

jscheuer1
06-29-2006, 04:46 AM
The photographer's images are protected by copyright. No other protection is needed or possible unless you are willing to use low quality and/or watermarked images only for live presentations.

afexTHC
06-29-2006, 01:49 PM
unfortunatly the customer wants some kind of server side image protection. I have told the client the same thing you said. But is not satisfied. And i really dont want to convert the slideshows to flash, due to their dynamic nature.

Twey
06-29-2006, 03:37 PM
I have told the client the same thing you said. But is not satisfied.Ask him who's meant to be the expert here.

You say server-side image protection. You could always use PHP to construct something like the following:
<?php
// imggate.php
if($_GET['pass'] == 'puff_the_magic_dragon' && strpos($_GET['file'], "..") === false) readfile($_GET['file']);
else die("Stop trying to steal my images.");
?>Then call the images as, for example, instead of "door.jpg", "imggate.php?pass=puff_the_magic_dragon&file=door%2ejpg". It doesn't actually offer any real protection, of course, but it doesn't hinder innocent users either, and you can show your client what happens if someone tries to access the image without the password. Depends if he's as clueless as he is arrogant. :)

afexTHC
06-29-2006, 04:31 PM
Only issue with using PHP, is im already executing ColdFusion code on the page.

Twey
06-29-2006, 05:11 PM
That's a totally seperate page. It doesn't matter what you're using on the page with the conveyor belt script.

Actually, there's a bug in the above. Try this instead:
<?php
// imggate.php
if($_GET['pass'] == 'puff_the_magic_dragon' && strpos($_GET['file'], "..") === false && file_exists($_GET['file'])) {
header('Content-Type: ' . mime_content_type($_GET['file']));
readfile($_GET['file']);
}
else die("Stop trying to steal my images.");
?>