Re: [OT] Secured photo rendering

[Christopher Schultz <ch...@christopherschultz.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Angelo,

On 3/8/2010 6:22 PM, Angelo Chen wrote:
> As I notice, the photo rendering usually uses file system/Apache to speed up
> displaying

Where did you notice this? I can't imagine that Apache [httpd] improves
the performance of rendering an image.

> a url point at a photo URL, the photo is still available even
> when the page is finished. Is there a way to show the photo only thru the
> page? somehow secure the photo? Thanks,

Are you talking about only allowing images to be displayed within a page
from your own site? The only cheap solution is to check the "Referer"
header from the request to see if the page loading the image is "on your
site" whatever that means to you.

You could also check to make sure that the user is logged-in (if you
require logins) in order to request a page. This won't stop images from
being loaded by other sites in the case where the user really is
logged-in, but it should stop people from accessing images at random.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkuViIwACgkQ9CaO5/Lv0PAtvgCfWRBGu5tMXywwK9sQR3dntaie
ejwAnRBD3Bom30c+if1jWzi3occuvxU8
=MAmX
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org