Hello everyone,
I am developing an application in trusty 'ol Metcard that does the following things. 1) Downloads an "index" from a web server, this is just a plain text file and is basically a file listing with some other bits of information about the images 2) Uses that index to downlaod a series of pictures which are then displayed in Metacard along with any other addition info in a text box. So far so good. MC does everything it is told to do just wonderfully. My problem is how do I protect those images? I want it so only Metacard can view the pictures. By this I mean if I can show an image by putting URL "http://someserver.com/ViewerApp/Images/image1.jpg"; into an image object in Metacard I can also view the image using a web browser. No worries. I can encode the image using "base64encode" and compress the image and even give it a funny extension type. That works really well. No complaints from Metacard about that either. Still it is not very secure. Someone could easily figure out what is going on here and still download the images... Alright then how about if I password protect the site using the std sort of protection. (That is the basic sort like at http://emserver.otago.ac.nz/gordon/.) and get Metacard to connect using the authorization method : "http://username:[EMAIL PROTECTED]/ViewerApp/Images/image1.jpg"; Thus if you try to connect using a web browser to the server you require a password. My problem is that the password is relatively easy to obtain using Interarchy of OTsessionwatcher or any of those TCP/IP watching applications. If you have the password you can get the images etc again... Does any one have any suggestions about what I could do here? My two lines of thought are: 1) I could either encrypt the images using some other method than base64 I am open to suggestions about how I could do this. 2) I could build a better password protected site with cgi's or ASP or some such thing though then I have issues with server hosting etc. 3) I am just being to paranoid about the whole thing. If anyone get's through all of the road blocks I have created perhaps I should just give them a chocolate fish and a certificate and not worry about it... Thanks in advance for any suggestions. Michael _______________________________________________ metacard mailing list [EMAIL PROTECTED] http://lists.runrev.com/mailman/listinfo/metacard
![http://someserver.com/ViewerApp/Images/image1.jpg"](http://someserver.com/ViewerApp/Images/image1.jpg"){kind=link}
![http://username:[EMAIL PROTECTED]/ViewerApp/Images/image1.jpg"](http://username:[EMAIL PROTECTED]/ViewerApp/Images/image1.jpg"){kind=link}