On Thu, 2003-09-04 at 03:54, Chris Withers wrote:
Ken Causey wrote:
It is a precondition script whose goal is to try to prevent access to an image unless you are viewing it embedded within a page of my site.
A simpler solution is just to look at your logs every now and then and bitch at people who are hijacking images ;-)
See below for why that is not so easy.
The closest I've been able to come to this goal is to add a value to the session within the page and check in the precondition script for the image that the value is defined. Although not ideal this works sufficiently.
I think that's about as good as it'll get, HTTP and HTML are not designed to do what you want them to...
Where I'm running into the problem I described above is that I wanted to exempt managers from the check for the session variable. The obvious way to do that seemed to be to check the role of the user.
Indeed, but that's a nigh-on impossible task given the way HTTP and HTML work together...
I don't understand why. In the past I have made such checks in DTML and ZPT pages and it seemed to work fine. Is it not a common task to have a page that has different behaviour based on the roles of the user?
I welcome any alternatives you can suggest.
Hmmm, why do you care so much about these images being hijacked?
Because past experience has told me it will happen. The most common occurrence is that eBay users will use my pictures and bandwidth rather than go to the trouble of making and hosting their own. This will be exacerbated by the fact that I plan myself to post items on eBay as a source of promotion. I really don't care to have to contact eBay all the time to complain about this or have to scan logs for the possibility. There are better ways to spend my time. So my preference is to find a technological solution. Ken
cheers,
Chris