You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Nocivo <no...@stack-studios.com> on 2002/02/18 19:09:36 UTC
image Theft
I have a site with more image and I need to permit the download of the
image only from internal referer.
I have try to make a .htaccess with this command and I have insert in
the directory that are a image:
SetEnvIfNoCase Referer "^http://www.mydomain.com/" local_ref=1
<FilesMatch ".(gif|jpg)">
Order Allow,Deny
Allow from env=local_ref
</FilesMatch>
This don't work. The file jpg is forbidden from external referer and
internal referer.
The problem is that the link at image is from a .class java
applet???????????
Please help me
Massimo Ciani
RE: preventing confidential data from being cached in a form
Posted by Joshua Slive <jo...@slive.ca>.
> From: Greene Paul [mailto:greene_paul@bah.com]
> Is there a way to prevent form data from being saved in a web browser
> cache?
>
> In other words, a form on a web page is set up to collect confidential
> data from a client. I want to prevent that data from being cached on
> either the Apache web server end, or on the client web browser end, once
> the data is submitted in order to guarantee that it cannot be viewed by
> another user.
>
> Is that possible to do?
There are lots of ways to give hints to browsers about how to handle
caching. See the HTTP/1.1 specification for information about Cache-Control
and Expires headers. Of course, the browser is always free to do whatever
they want.
Probably the best way to do what you are asking is to use SSL to send the
data. This will protect it in transit, plus it lets the browser know that
it is sensitive. Most browsers won't cache SSL data, and proxies will not
even have the opportunity.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
preventing confidential data from being cached in a form
Posted by Greene Paul <gr...@bah.com>.
Hello All;
Is there a way to prevent form data from being saved in a web browser
cache?
In other words, a form on a web page is set up to collect confidential
data from a client. I want to prevent that data from being cached on
either the Apache web server end, or on the client web browser end, once
the data is submitted in order to guarantee that it cannot be viewed by
another user.
Is that possible to do?
Thanks
Paul Greene
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: image Theft
Posted by Joshua Slive <jo...@slive.ca>.
> The problem is that the link at image is from a .class java
applet???????????
[Please post in plain text]
It is completely at the discretion of the client whether or not a Referer
header will be sent. If you use the "combined" log format, you can check
your access log to see whether or not the client is sending this
information. If it is not, there is nothing you can do. The Referer header
was not designed for access control.
Joshua
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org