Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: image protection

  1. #1
    Join Date
    Sep 2010
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default image protection

    1) Script Title:

    Online Tools: .htaccess Password Generator

    2) Script URL (on DD):

    http://tools.dynamicdrive.com/password/

    3) Describe problem:

    Hi! I´m building a flash website for a friend that loads an xml with the list of images of the site. He wants his images protected, so no one can download them, specially because the images will have a rather good resolution, so his work could be copied. If anyone finds the xml it would be like handing them a list of images and their locations, so I thought that the best way would be to configure an htaccess so even if you know where the images are, the browser cannot get to them. Is that possible? How can it be done? Im actually an industrial designer so my programming skills go as far as Action Script (no php or asp)... Im not really worried about a printscreen because the flash file has a couple of interactive elements on top of the image. Any help would really be apreciated!

  2. #2
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    If all the images are in the same directory, just put an .htaccess password on that directory.

    You should note, however, that regardless of how difficult you make it for people to download your images, they will still be downloaded with the flash file. If people really want them, they have them. Your alternative is to use lower-resolution images. Read more (post #4 may be relevant to your issue).

  3. #3
    Join Date
    Mar 2005
    Location
    SE PA USA
    Posts
    30,495
    Thanks
    82
    Thanked 3,449 Times in 3,410 Posts
    Blog Entries
    12

    Default

    Something I was wondering about this, and I really don't know. If you were to do that, might that prevent the images from being shown at all?
    - John
    ________________________

    Show Additional Thanks: International Rescue Committee - Donate or: The Ocean Conservancy - Donate or: PayPal - Donate

  4. #4
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    your scripts should still be able to get the images. I know it doesn't affect php scripts running on the same server, but it would affect things like <img> tags in your own html. But I don't know about flash, exactly. not my area

  5. #5
    Join Date
    Mar 2005
    Location
    SE PA USA
    Posts
    30,495
    Thanks
    82
    Thanked 3,449 Times in 3,410 Posts
    Blog Entries
    12

    Default

    Well PHP has no problem because (I would imagine) it's the server making the request for the file, not the browser. So it depends upon what's requesting the image file. If it's the swf via the Flash plug in of the user's browser, that would probably not work unless the Action Script of the swf somehow supplies this password. And then, a clever would be image thief could get that password from the swf file. But it would certainly be more difficult than just finding the image address. The password should not be put in the xml file though, however tempting that might be.
    - John
    ________________________

    Show Additional Thanks: International Rescue Committee - Donate or: The Ocean Conservancy - Donate or: PayPal - Donate

  6. #6
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    Default

    A .htaccess password will block ALL incoming connections to that file, unless a valid password has been entered. This includes ANY request from the user-- img tags, directly downloading it, loading it into an SWF, whatever.
    PHP is, as you said, an exception because it is getting the files locally (on the server, in a nearby directory) rather than making a request to the server-- in fact, for PHP or something else operating on the server, the "server" software (including .htaccess) is completely irrelevant.


    Here's the bottom line: if people can see the image, they have already saved it to their computer (and can access it other ways, such as directly visiting the URL). The end. There's no way around that.

    If you want to get into something really messy, I suppose you could look into a flash media server. Honestly that sounds like a terrible idea in this situation (and expensive).
    Daniel - Freelance Web Design | <?php?> | <html>| español | Deutsch | italiano | português | català | un peu de français | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

  7. #7
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    Quote Originally Posted by jscheuer1 View Post
    So it depends upon what's requesting the image file...
    exactly. and I don't know much about how flash works, so...

  8. #8
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    Default

    It doesn't depend on what's requesting it at all: the only exception to the server denying a request without a password is if it's an internal request from PHP (etc). Otherwise, you simply can't get at the file.
    Even if you could set it to only allow requests from flash, users could build a SWF to grab it.
    Daniel - Freelance Web Design | <?php?> | <html>| español | Deutsch | italiano | português | català | un peu de français | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

  9. #9
    Join Date
    Mar 2005
    Location
    SE PA USA
    Posts
    30,495
    Thanks
    82
    Thanked 3,449 Times in 3,410 Posts
    Blog Entries
    12

    Default

    Quote Originally Posted by djr33 View Post
    It doesn't depend on what's requesting it at all: the only exception to the server denying a request without a password is if it's an internal request from PHP (etc)
    Excuse me, it does depend. It depends upon whether its the server or the client, as I said:

    Quote Originally Posted by jscheuer1 View Post
    Well PHP has no problem because (I would imagine) it's the server making the request for the file, not the browser. So it depends upon what's requesting the image file.
    But this isn't really a disagreement, if anything - it's a misunderstanding, more like being quoted out of context.
    - John
    ________________________

    Show Additional Thanks: International Rescue Committee - Donate or: The Ocean Conservancy - Donate or: PayPal - Donate

  10. #10
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    Quote Originally Posted by djr33 View Post
    It doesn't depend on what's requesting it at all: the only exception to the server denying a request without a password is if it's an internal request from PHP (etc). Otherwise, you simply can't get at the file.
    Even if you could set it to only allow requests from flash, users could build a SWF to grab it.
    Yes,

    What I meant was I didn't know enough about how flash works - if it's assembled server-side and then output (in which case it might work just fine), or if it's output first and then the flash player sends requests for all the components (in which case, it wouldn't work at all).

    I had initially (during my first post) thought the former, but after reading your replies, I suspect it's probably the latter. As John said, I think we just misunderstood each other.

    In any case, the second half of my post stands: if they want it, they have it.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •