Re: [PHP] securing a graphic
On Sat, 2003-06-21 at 00:51, Justin French wrote: > I'm with Steve on this. Call them (the numerous "hacks" mentioned in this > thread) deterrents if you like, but there is NO WAY to secure images. > > You can brand them with a big watermark, and make sure your copyright and > terms of use notice are prominent on the page, but the nature of the web is > that they ALREADY HAVE downloaded a copy. > > Justin Yup. If my computer can display it, I can save it. -- Torben Wilson <[EMAIL PROTECTED]>+1.604.709.0506 http://www.thebuttlesschaps.com http://www.inflatableeye.com http://www.hybrid17.com http://www.themainonmain.com - Boycott Starbucks! http://www.haidabuckscafe.com - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] securing a graphic
I'm with Steve on this. Call them (the numerous "hacks" mentioned in this thread) deterrents if you like, but there is NO WAY to secure images. You can brand them with a big watermark, and make sure your copyright and terms of use notice are prominent on the page, but the nature of the web is that they ALREADY HAVE downloaded a copy. Justin on 20/06/03 8:17 AM, Steve Keller ([EMAIL PROTECTED]) wrote: > No there is not a way. The way the web works is by sending your content to > someone else' computer. Once it's there, they have a copy, whether it's in > their cache or actually saved as a file. There's no way to prevent a > determined user from stealing your images, trust me on this one, a good > number of my photoshops are being sent around as anonymous "funny" emails. > > You can disable right-clicking with javascript, but this is pointless. In > IE, the user can just drag your image up to the address bar and poof, your > javascript is gone. And on browsers that can't do that, there's still the > cache. Even if, by some scripting voodoo you manage to keep your images > from ending up in the cache, what's the keep the user from just doing a > screen capture? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] securing a graphic
> From: "Ryan Holowaychuk" <[EMAIL PROTECTED]> > To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > Sent: Friday, June 20, 2003 2:26 AM > Subject: [PHP] securing a graphic >> Is there a way in PHP that I can secure a graphic, so that when the page is >> loaded it will show the graphic, but is not able to be right clicked on or >> downloaded to there desktop. >> >> Thanks >> Ryan > > >"Haseeb Iqbal" <[EMAIL PROTECTED]> wrote in message news:LAW15->[EMAIL PROTECTED] > yeah there is a way you have to use some third party tools for that. > http://www.antssoft.com/htmlprotector/index.htm > .php can't do this AFAIK This "security tool" will stop 95% of the general public, mostly by looking scary. Anyone who knows what they're doing will go through it in about 20 seconds. They work in three steps: first, they have a decryption function which is url-encrypted: function hp_d01(s) { var o="", ar = new Array(), os = "", ic = 0; for ( i = 0; i < s.length; i++ ) {// for each char in the encrypted string c = s.charCodeAt(i);// get the ascii value if ( c < 128 )// if 7bit ie all alphanumberics and punctuation c = c^2;// XOR with 0010ie flip second-lowest bit os += String.fromCharCode(c);// cast back to char and append to working string // this stuff is for working around Javascript's slow string concatenation: // work with a temporary string until it gets up to 80 characters long, // then store it and start a new working string. if ( os.length > 80 ) { ar[ic++] = os; os="" } } // concatenate all the temporary strings to get the final decrypted string o = ar.join("") + os; document.write(o) } second, they use their decryptor to expand a block of code which tries to lock down the browser to as great an extent as possible, encrypted in their custom code. third, in the body of the page, they use their decryptor to expand the actual body of the page. Here is the page code with all the decryption/lockdown junk stripped out: Sample page protected by HTMLProtector <!-- body, p, td, dd, dt, ul, ol, li, blockquote {font-family: "verdana", "arial", "sans-serif"; font-size: 9pt; color: 11;} div.sidebar {font-size: 8pt; margin: 0} h1, div.title {color: 79; font-size: medium; font-weight: bold; margin-bottom: 0} h2 {color: 79; font-size: small; font-weight: bold; margin-bottom: 0} dt {color: 79; font-weight: bold; margin-bottom: 0.5em; margin-top: 2em} A:aalink {font-weight:bold; text-decoration: none} --> Sample page protected by HTMLProtector It's a sample text paragraph. It's a sample link. mailto:[EMAIL PROTECTED]">It's a sample email link. This page has been protected by HTMLProtector with follow features: Protect BODY section Make page expire immediately Disable Internet Explorer 6 image toolbar Disable right mouse button Disable text select Disable off-line viewing Don't display links in status bar Disable page printing Disable clipboard and printscreen Disable drag and drop Disable adobe acrobat web capture Kill frame Domain lock URL lock Please take a look on what HTMLProtector can do for you! As you are looking specifically for image protection, notice the line Try visiting http://www.antssoft.com/image/sample.gif Real secure, eh? The bottom line is, the web page and graphic must be publically available and decryptable in order for people to view it in a browser. If the browser can decode it, so can just about anyone that knows what they're doing. Also note, this scheme adds about 4 1/2 kb to the size of your page and makes it unusable by non-Javascript-enabled browsers. Why bother? -- Hugh Bothwell [EMAIL PROTECTED] Kingston ON Canada v3.1 GCS/E/AT d- s+: a- C+++ L++>+++$ P+ E- W+++$ N++ K? w++ M PS+ PE++ Y+ PGP+ t-- 5++ !X R+ tv b DI+++ D-(++) G+ e(++) h-- r- y+ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] securing a graphic
At 6/20/2003 02:33 AM, Haseeb Iqbal wrote: > yeah there is a way No there is not a way. The way the web works is by sending your content to someone else' computer. Once it's there, they have a copy, whether it's in their cache or actually saved as a file. There's no way to prevent a determined user from stealing your images, trust me on this one, a good number of my photoshops are being sent around as anonymous "funny" emails. You can disable right-clicking with javascript, but this is pointless. In IE, the user can just drag your image up to the address bar and poof, your javascript is gone. And on browsers that can't do that, there's still the cache. Even if, by some scripting voodoo you manage to keep your images from ending up in the cache, what's the keep the user from just doing a screen capture? -- S. Keller UI Engineer The Health TV Channel, Inc. (a non - profit organization) 3820 Lake Otis Pkwy. Anchorage, AK 99508 907.770.6200 ext.220 907.336.6205 (fax) Email: [EMAIL PROTECTED] Web: www.healthtvchannel.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] securing a graphic
yeah there is a way you have to use some third party tools for that. http://www.antssoft.com/htmlprotector/index.htm .php can't do this AFAIK - Original Message - From: "Ryan Holowaychuk" <[EMAIL PROTECTED]> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> Sent: Friday, June 20, 2003 2:26 AM Subject: [PHP] securing a graphic > Is there a way in PHP that I can secure a graphic, so that when the page is > loaded it will show the graphic, but is not able to be right clicked on or > downloaded to there desktop. > > Thanks > Ryan > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] securing a graphic
Is there a way in PHP that I can secure a graphic, so that when the page is loaded it will show the graphic, but is not able to be right clicked on or downloaded to there desktop. Thanks Ryan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php