Unfortunately, this doesn't always work. In the past, I've had problems with IE not sending the Referer header on some requests.<shrug/>
G. Wade Tom Oinn wrote: > > The other way to do it would be to check the referer page, this seems to > be quite a common trick and will confound most people trying to link > directly to your images (which is what I imagine you're trying to > prevent). There may be a more elegant way of doing it, but you could > create a servlet that is mapped to your /images mount point which > inspects the referer field in the request and, assuming it is valid, > returns the appropriate content from a directory outside of your web > application. As all requests would go through the servlet you have > access control. > > Tom > > Shapira, Yoav wrote: > > Howdy, > > That one's tricky (and strange). When you have a servlet or JSP, the > > output the user sees is HTML. In HTML, you have <img> tags. The > > browser will request those images normally in HTTP requests. So from > > the server's perspective, the request is the same whether the user types > > in the image URL or you embed it in one of your pages. > > > > Would something like using a mangled images directory name ($KF_%# or > > something) be sufficient? A name that's hard for users to guess and use > > directly? > > > > Yoav Shapira > > Millennium ChemInformatics > > > > > > > >>-----Original Message----- > >>From: Syed Nayyer Kamran [mailto:[EMAIL PROTECTED] > >>Sent: Monday, June 09, 2003 9:33 PM > >>To: [EMAIL PROTECTED] > >>Subject: Urgent : Can we restrict access to a directory in tomcat > >> > >>hi there, > >> > >>I want to restrict the user to access the images directly through the > > > > web. > > > >>They should be able to access these images through web pages developed > > > > as > > > >>jsp/servlet but should not be able to access these images displayed on > > > > page > > > >>by copying the image url to the address bar. Is tomcat directly support > >>this functionality. or any other solution. > >> > >>Thanks in advance for any solution of the problem. > >> > >> > >>Nayyer Kamran > > > > > > > > > > > > This e-mail, including any attachments, is a confidential business communication, > > and may contain information that is confidential, proprietary and/or privileged. > > This e-mail is intended only for the individual(s) to whom it is addressed, and > > may not be saved, copied, printed, disclosed or used by anyone else. If you are > > not the(an) intended recipient, please immediately delete this e-mail from your > > computer system and notify the sender. Thank you. > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]