[Gloucs] [ot] sourceforge website

Guy Edwards gloucs at mailman.lug.org.uk
Mon Jan 6 20:57:00 2003 

On Mon, 2003-01-06 at 19:46, Will Roe wrote:
> > > Stopping theft of graphics is server side I would think though, so
> > > perhaps you mean Java there? (but you can use Javascript on the server
> > > too can't you?) I don't have any experience of this but I understand you
> > > use the http referer reference or something similar?
> > 
> > +++ A typical piece of code to insert (Cut & Paste this script... this information goes
> > right under the HEAD in the HTML area of your webpage - the message can be altered to read whatever you want to say....)
> >   in a web page to stop right click copying of site graphics is:
> 
> This is BAD. What the hell did you put it on the web for in the first
> place? Loads of people have jscript disabled so that is no protection
> - you're just using up some parsing power of the browser (and if it's
> poor IE, you have to be kind).
> 
> I'm affraid once the client has loaded the web page, cached the images
> etc, you'd be denying access to data that is rightfully theirs...on
> their own hard drives. NO.

Client side Javascript won't stop copying/saving of the image, it's
already been done by the time you view the image.

I thought the main problem with image theft was when another site linked
to an image in yours, saving them bandwidth and costing you
bandwidth/money. I seem to remember someones solution being to have a
value for their image directory ($imgdir) and then a script that moved
it to a different name every now and then. That way other sites couldn't
do a <img src="http://mysitesomewhere.com/myimage.png etc.... because
the image would have moved each week.

I've not had to do that yet (not paying for a sites bandwidth and no
images to steal!)

As I understood it you could stop the request for the image based on the
referer too but I thought it was a solution with problems from what I
heard.

(quick sniff around...) CGI Programming with Perl, O'Reilly 2nd ed. p62

It checks using the Referer HTTP header field (small note: not all
browsers provide it, some clients and servers provide false headers)
If anyone wants to see the perl script I'll type it out but I doubt you
do. (Googled - found!)
http://mcs.une.edu.au/~comp315/BookCode/CGIProgramming/Examples/ch03/check_referer-cgi.txt

Guy