How to protect against direct access to images? [closed]

by

http://us3.php.net/image

You link the img element to a php file. This file checks if the user has the right permission, if so it can send an img response back.

<img src="https://stackoverflow.com/questions/3990337/url/LoadImg.php?id=1337" alt="" />

Still someone with the permission can download the image and provide it to other people somewhere else (webspace/mail/whatever). To make it a bit harder to steal it you can disable right clicking on the image, but still a user who knows a little bit about http should not have any problems to steal it.
You can place a signature over the image (for example the logo/name of your website) so people can see that you where the source. This can be done with php aswell.

If you want to be funy you can setup an other image that is sent if the link comes from an other page 😛

More Related Contents:

  1. How do I create a self-signed certificate for code signing on Windows?
  2. What is token-based authentication?
  3. Non-random salt for password hashes
  4. Prevent PDF file from downloading and printing
  5. Are HTTPS headers encrypted?
  6. JWT refresh token flow
  7. Cross Domain Login – How to log a user in automatically when transferred from one domain to another
  8. Where do you store your salt strings?
  9. How secure is a HTTP POST?
  10. Best Practices: Salting & peppering passwords?
  11. Payment Processors – What do I need to know if I want to accept credit cards on my website? [closed]
  12. What’s the right OAuth 2.0 flow for a mobile app
  13. Declaring Spring Bean in Parent Context vs Child Context
  14. where is the best place to save images from users upload
  15. What is the most secure seed for random number generation?
  16. Moving old passwords to new hashing algorithm?
  17. Should JWT be stored in localStorage or cookie? [duplicate]
  18. Is it secure to submit from a HTTP form to HTTPS?
  19. Is it worth encrypting email addresses in the database?
  20. How to prevent arbitrary client apps from using anonymous web API?
  21. Is HTTP header Referer sent when going to a http page from a https page?
  22. Is it possible to reverse a SHA-1 hash?
  23. Secure Google Cloud Functions http trigger with auth
  24. What is the appropriate way to manage API secrets within a Google Apps script?
  25. Keygen tag in HTML5
  26. My website got hacked.. What should I do? [closed]
  27. Remember me Cookie best practice?
  28. buffer overflow example from Art of Exploitation book
  29. Am I under risk of CSRF attacks in a POST form that doesn’t require the user to be logged in?
  30. Understanding CSRF

Leave a Comment