Is there a reliable way to prevent the browser from downloading
(copyrighted) images? I've seen some sites that try and I was able to
work around it in a minute.
I'm guessing there's an Ajax technique analogous to writing to
innerHTML that would write the binary data. Writing an img tag that
way doesn't seem very secure.
One alternative I can think of is to make a hardlink on the server
from the filename to a temporary filename that I delete as soon as the
download is done.
I could have the url refer to some specific action that does a
'render' but users 'save file' would go to the same action.
Come to think of it, it probably depends on what browser they're
using.
Any ideas, code or references will be appreciated.
Most methods can be circumvented -- if you don't feel a copyright
water mark within the image (or overlaying with an invisible div) is
enough then you could render the image within a flash/java/silverlight
etc. applet.
Are you just trying to avoid hot linking or the saving of images?
Hot linking can be resolved at the web server level.
Is there a reliable way to prevent the browser from downloading
(copyrighted) images? I've seen some sites that try and I was able to
work around it in a minute.
I'm guessing there's an Ajax technique analogous to writing to
innerHTML that would write the binary data. Writing an img tag that
way doesn't seem very secure.
One alternative I can think of is to make a hardlink on the server
from the filename to a temporary filename that I delete as soon as the
download is done.
I could have the url refer to some specific action that does a
'render' but users 'save file' would go to the same action.
Come to think of it, it probably depends on what browser they're
using.
Any ideas, code or references will be appreciated.
Well, preventing image-downloads server-side is near to impossible: Every
image accessed by http is downloaded by the browser - by design. There is no
way to tell the browsers, proxies, http-libs, etc. all together: Hey, it's
forbidden to save it somewhere instead of showing it to the user.
There are actually a few html hacks (putting divs in front of the image, etc.)
put, etc. but none of them will work out well (defective by design).
So, what options do you have then?
- Embed visible watermarks, use time-stamp services in order to prohibed
distribution on an juridical level.
(For visible watermarks you can use http://rmagick.rubyforge.org/ - here we
go: for now on, this thread is related to RoR *g*),
- Use client techniques (in other words: DRM), that will prevent your media to
be stored elsewhere.
Anything I can see on my screen I can save. Screenshot anybody? So the
best option is to do a watermark. Anything else you'll just have to do
a 403 on them, which isn't going to help the service I guess.
