the image.
Charlie
-Original Message-
From: Justin Ruthenbeck [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 10, 2003 1:41 PM
To: Tomcat Users List
Subject: Re: Urgent : Can we restrict access to a directory in tomcat
At 04:27 AM 6/10/2003, you wrote:
Apologies if I'm missing
just put the images in the database serve them from there!
-Original Message-
From: Jens Skripczynski [mailto:[EMAIL PROTECTED]
Sent: Monday, June 09, 2003 8:42 PM
To: Justin Ruthenbeck
Cc: Tomcat Users List; Syed Nayyer Kamran
Subject: Re: Urgent : Can we restrict access to a directory
: Tuesday, June 10, 2003 3:29 AM
Subject: Re: Urgent : Can we restrict access to a directory in tomcat
There is no guaranteed way to stop someone directly access a gif image
via a browser url, because this is how an image is accessed by the
browser itself anyways. The browser just makes a HTTP
Not sure if Catalina.policy will do the trick.
-Original Message-
From: G. Wade Johnson [mailto:[EMAIL PROTECTED]
Sent: June 9, 2003 9:51 AM
To: Tomcat Users List
Subject: Re: Urgent : Can we restrict access to a directory in tomcat
Unfortunately, this doesn't always work.
In the past
[EMAIL PROTECTED]
Cc: Tomcat Users List [EMAIL PROTECTED]
Sent: Tuesday, June 10, 2003 3:29 AM
Subject: Re: Urgent : Can we restrict access to a directory in tomcat
There is no guaranteed way to stop someone directly access a gif image
via a browser url, because this is how an image is accessed
Message-
From: Justin Ruthenbeck [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 10, 2003 1:41 PM
To: Tomcat Users List
Subject: Re: Urgent : Can we restrict access to a directory in tomcat
At 04:27 AM 6/10/2003, you wrote:
Apologies if I'm missing the point, but why can't you
store
Howdy,
That one's tricky (and strange). When you have a servlet or JSP, the
output the user sees is HTML. In HTML, you have img tags. The
browser will request those images normally in HTTP requests. So from
the server's perspective, the request is the same whether the user types
in the image
Store the images in your database then your jsp can retrieve show them.
-Original Message-
From: Shapira, Yoav [mailto:[EMAIL PROTECTED]
Sent: Monday, June 09, 2003 9:44 AM
To: Tomcat Users List
Subject: RE: Urgent : Can we restrict access to a directory in tomcat
Howdy,
That one's
The other way to do it would be to check the referer page, this seems to
be quite a common trick and will confound most people trying to link
directly to your images (which is what I imagine you're trying to
prevent). There may be a more elegant way of doing it, but you could
create a servlet
Unfortunately, this doesn't always work.
In the past, I've had problems with IE not sending the Referer header
on some requests.shrug/
G. Wade
Tom Oinn wrote:
The other way to do it would be to check the referer page, this seems to
be quite a common trick and will confound most people
Could you just put all of the images under WEB-INF, and use a special
servlet to get them?
The source attribute of the IMG tag would be something like
/servlet/imgGetter?image=someUniqueKey.
The servlet would just retrieve the image from the WEB-INF directory, and
spool it out as a stream.
On Mon, 9 Jun 2003 21:52, John Turner wrote:
Could you just put all of the images under WEB-INF, and use a special
servlet to get them?
The source attribute of the IMG tag would be something like
/servlet/imgGetter?image=someUniqueKey.
The servlet would just retrieve the image from the
I don't know why this would be any slower than tomcat itself? Tomcat
serves images by loading them as a stream from the default servlet and
returns them to the browser. It all depends on how you implement this. It
very well could be faster than Tomcat itself since a servlet dedicated to
Not to mention spoofing.
John
On Mon, 09 Jun 2003 08:50:50 -0500, G. Wade Johnson
[EMAIL PROTECTED] wrote:
Unfortunately, this doesn't always work.
In the past, I've had problems with IE not sending the Referer header
on some requests.shrug/
G. Wade
Tom Oinn wrote:
The other way to do it
Very possible, I was just acknowledging my lack of experience in being able
to judge whether it was a good design overall or not...it would certainly
accomplish the protect images requirement, but I wasn't sure about any
others.
John
On Mon, 09 Jun 2003 09:12:49 -0500, Jacob Kjome [EMAIL
There is no guaranteed way to stop someone directly access a gif image
via a browser url, because this is how an image is accessed by the
browser itself anyways. The browser just makes a HTTP get request to
the web-server (in this case tomcat) requesting the URL of the image to
be included in the
There is a very cool JSP/Servlet Filter developed for the Open For
Business project which allows you to control what pages can be directly
accessed via the address bar or other links. In other words, If someone
tries to directly access a non authorized URL, instead of being sent
there by
Without more information about the intended application, this discussion
will continue to become more academic and less directly useful ... but,
really, what's wrong with that? ;)
If your app needs to serve images for non-authenticated users, but you want
to approximate security (as if you're
At 10:29 AM 6/9/2003, Dean Fantham wrote:
The only potential method that can catch most (but not all) of these
would be to create a separate image handling jsp/servlet, say
imageHandler. When imageHanlder servlet recieves an image request it
can check the http-referrer header and ensure that
19 matches
Mail list logo
