CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX
Search Posts SEARCH
POSTS
Who's Online WHO'S
ONLINE
Log in LOG
IN

Home: Perl Programming Help: Beginner:
need help with small problem

 



Mel
Deleted

Jun 26, 2000, 9:00 AM

Post #1 of 6 (469 views)
need help with small problem Can't Post

I have a small problem I need help with:
I have just finished my script that keeps unauthorized users from linking to your images. So you would link to your image like
scripturl.pl?imagename.gif
and then it would return the correct image if you are a valid referer and a warning if you are not. However if you right click on the protected image and select view image on a page that is allowed to use the images, it shows you the real image, which reveals the real url to it so people can link straight to the real image. How can I fix this so that if someone selects view image it will show them the image but the url to it will still be scripturl.pl?imagename.gif

Thanks


monocle
User

Jun 25, 2000, 10:44 PM

Post #2 of 6 (469 views)
Re: need help with small problem [In reply to] Can't Post

sorry, I can't help you there. Maybe somebody else.


monocle
User

Jun 26, 2000, 9:09 AM

Post #3 of 6 (469 views)
Re: need help with small problem [In reply to] Can't Post

First you need to ask your self what the script is returning. If you view the source code of the resulting HTML page, does it give the real path to the image or the script path? If it gives the real path to the image, you still wont be able to protect yourself from right click. Any body can view the source code and see the real path. If it gives the script path, you can always use a Javascript to disallow the option to right click. I have such a Javascript if you are interested.


------------------
Monocle
Hear great techno music by Monocle at http://www.mp3.com/monocle. CD now on sale!



Mel
Deleted

Jun 26, 2000, 9:19 AM

Post #4 of 6 (469 views)
Re: need help with small problem [In reply to] Can't Post

Well here's what it does,
you link to your protected image like this:
<IMG SRC="script?image.gif">
just like a normal image, and on the page if the page is a valid referer thewn the image displays, otherwise it displays a waring image. The way the script sends them iage is
by
print "Location: $imageslocation/$quary";

but if you right click on the real image on the page it will display the real url to
$imageslocation/$quary instead of script?image.gif
and the later is waht I want it to do.
I know this can be done because I saw another script that does it but Im not going to buy the other scrtipt just to see how.

I would like to avoid using java script.


DrZed
User

Jun 26, 2000, 6:28 PM

Post #5 of 6 (469 views)
Re: need help with small problem [In reply to] Can't Post

If all your doing is passing the real URL, then you won't be able to hide it's location or it's access. Even java scripts to prevent clicking over the image are very poor methods of protection since the URL will be in the source.

What you need to do is have your script send the actual image data. This can be done, although I know little of it.

The following are valid HTTP header, but you would need to find how the rest of the info is sent.

Content-type: image/jpeg

Content-type: image/tiff

that should cover the basics. However, finding out how to send the actual data is an exercise to the reader.

Dr. Zed




Kanji
User / Moderator

Jun 26, 2000, 7:06 PM

Post #6 of 6 (469 views)
Re: need help with small problem [In reply to] Can't Post

<BLOCKQUOTE><font size="1" face="Arial,Helvetica,sans serif">code:</font><HR>

#!/usr/bin/perl -wT

use strict;

if ( open GIF, "/path/to/a.gif" ) {
binmode GIF;
print "Content-Type: image/gif\n\n",
<GIF>;
close GIF;
} else {
print "Content-Type: text/plain\n\n",
"Oops, couldn't open a.gif because: $!";
}</pre><HR></BLOCKQUOTE>

I leave it as an exercise to the reader on how to extend this to multiple files, but I strongly advise the use of -T (taint checking) if you display different images based on arguments passed to the CGI.

Checking for naughty things like .. in the requested file is also a must. :-)

If the files aren't on the same machine, you'd need to use LWP or something to retrieve them first, but that'd be a waste of bandwidth when it's so trivial a thing to configure the Referer: you send to be whatever you wanted it to be.

 
 


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives