Re: [PHP] securing a graphic
On Sat, 2003-06-21 at 00:51, Justin French wrote: > I'm with Steve on this. Call them (the numerous "hacks" mentioned in this > thread) deterrents if you like, but there is NO WAY to secure images. > > You can brand them with a big watermark, and make sure your copyright and > terms of use notice are prominent on the page, but the nature of the web is > that they ALREADY HAVE downloaded a copy. > > Justin Yup. If my computer can display it, I can save it. -- Torben Wilson <[EMAIL PROTECTED]>+1.604.709.0506 http://www.thebuttlesschaps.com http://www.inflatableeye.com http://www.hybrid17.com http://www.themainonmain.com - Boycott Starbucks! http://www.haidabuckscafe.com - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] securing a graphic
I'm with Steve on this. Call them (the numerous "hacks" mentioned in this thread) deterrents if you like, but there is NO WAY to secure images. You can brand them with a big watermark, and make sure your copyright and terms of use notice are prominent on the page, but the nature of the web is that they ALREADY HAVE downloaded a copy. Justin on 20/06/03 8:17 AM, Steve Keller ([EMAIL PROTECTED]) wrote: > No there is not a way. The way the web works is by sending your content to > someone else' computer. Once it's there, they have a copy, whether it's in > their cache or actually saved as a file. There's no way to prevent a > determined user from stealing your images, trust me on this one, a good > number of my photoshops are being sent around as anonymous "funny" emails. > > You can disable right-clicking with javascript, but this is pointless. In > IE, the user can just drag your image up to the address bar and poof, your > javascript is gone. And on browsers that can't do that, there's still the > cache. Even if, by some scripting voodoo you manage to keep your images > from ending up in the cache, what's the keep the user from just doing a > screen capture? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] securing a graphic
> From: "Ryan Holowaychuk" <[EMAIL PROTECTED]>
> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> Sent: Friday, June 20, 2003 2:26 AM
> Subject: [PHP] securing a graphic
>> Is there a way in PHP that I can secure a graphic, so that when the page
is
>> loaded it will show the graphic, but is not able to be right clicked on
or
>> downloaded to there desktop.
>>
>> Thanks
>> Ryan
>
>
>"Haseeb Iqbal" <[EMAIL PROTECTED]> wrote in message
news:LAW15->[EMAIL PROTECTED]
> yeah there is a way you have to use some third party tools for that.
> http://www.antssoft.com/htmlprotector/index.htm
> .php can't do this AFAIK
This "security tool" will stop 95% of the general public,
mostly by looking scary. Anyone who knows what they're
doing will go through it in about 20 seconds.
They work in three steps:
first, they have a decryption function which is url-encrypted:
function hp_d01(s) {
var
o="",
ar = new Array(),
os = "",
ic = 0;
for ( i = 0; i < s.length; i++ ) {// for each char in the
encrypted string
c = s.charCodeAt(i);// get the ascii value
if ( c < 128 )// if 7bit ie all alphanumberics
and punctuation
c = c^2;// XOR with 0010ie flip
second-lowest bit
os += String.fromCharCode(c);// cast back to char and append
to working string
// this stuff is for working around Javascript's slow string
concatenation:
// work with a temporary string until it gets up to 80
characters long,
// then store it and start a new working string.
if ( os.length > 80 ) {
ar[ic++] = os;
os=""
}
}
// concatenate all the temporary strings to get the final
decrypted string
o = ar.join("") + os;
document.write(o)
}
second, they use their decryptor to expand a block of code
which tries to lock down the browser to as great an extent
as possible, encrypted in their custom code.
third, in the body of the page, they use their decryptor to
expand the actual body of the page.
Here is the page code with all the decryption/lockdown junk
stripped out:
Sample page protected by HTMLProtector
<!--
body, p, td, dd, dt, ul, ol, li, blockquote {font-family: "verdana",
"arial", "sans-serif"; font-size: 9pt; color: 11;}
div.sidebar {font-size: 8pt; margin: 0}
h1, div.title {color: 79; font-size: medium; font-weight: bold;
margin-bottom: 0}
h2 {color: 79; font-size: small; font-weight: bold; margin-bottom: 0}
dt {color: 79; font-weight: bold; margin-bottom: 0.5em; margin-top:
2em}
A:aalink {font-weight:bold; text-decoration: none}
-->
Sample page protected by HTMLProtector
It's a sample text paragraph.
It's a sample link.
mailto:[EMAIL PROTECTED]">It's a sample email
link.
This page has been protected by HTMLProtector with follow features:
Protect BODY section
Make page expire immediately
Disable Internet Explorer 6 image toolbar
Disable right mouse button
Disable text select
Disable off-line viewing
Don't display links in status bar
Disable page printing
Disable clipboard and printscreen
Disable drag and drop
Disable adobe acrobat web capture
Kill frame
Domain lock
URL lock
Please take a look on what HTMLProtector can do for you!
As you are looking specifically for image
protection, notice the line
Try visiting
http://www.antssoft.com/image/sample.gif
Real secure, eh?
The bottom line is, the web page and graphic must
be publically available and decryptable in order for
people to view it in a browser. If the browser can
decode it, so can just about anyone that knows what
they're doing.
Also note, this scheme adds about 4 1/2 kb to
the size of your page and makes it unusable by
non-Javascript-enabled browsers. Why bother?
--
Hugh Bothwell [EMAIL PROTECTED] Kingston ON Canada
v3.1 GCS/E/AT d- s+: a- C+++ L++>+++$ P+ E- W+++$ N++ K? w++ M PS+
PE++ Y+ PGP+ t-- 5++ !X R+ tv b DI+++ D-(++) G+ e(++) h-- r- y+
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] securing a graphic
At 6/20/2003 02:33 AM, Haseeb Iqbal wrote: > yeah there is a way No there is not a way. The way the web works is by sending your content to someone else' computer. Once it's there, they have a copy, whether it's in their cache or actually saved as a file. There's no way to prevent a determined user from stealing your images, trust me on this one, a good number of my photoshops are being sent around as anonymous "funny" emails. You can disable right-clicking with javascript, but this is pointless. In IE, the user can just drag your image up to the address bar and poof, your javascript is gone. And on browsers that can't do that, there's still the cache. Even if, by some scripting voodoo you manage to keep your images from ending up in the cache, what's the keep the user from just doing a screen capture? -- S. Keller UI Engineer The Health TV Channel, Inc. (a non - profit organization) 3820 Lake Otis Pkwy. Anchorage, AK 99508 907.770.6200 ext.220 907.336.6205 (fax) Email: [EMAIL PROTECTED] Web: www.healthtvchannel.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] securing a graphic
yeah there is a way you have to use some third party tools for that. http://www.antssoft.com/htmlprotector/index.htm .php can't do this AFAIK - Original Message - From: "Ryan Holowaychuk" <[EMAIL PROTECTED]> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> Sent: Friday, June 20, 2003 2:26 AM Subject: [PHP] securing a graphic > Is there a way in PHP that I can secure a graphic, so that when the page is > loaded it will show the graphic, but is not able to be right clicked on or > downloaded to there desktop. > > Thanks > Ryan > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] securing a graphic
Is there a way in PHP that I can secure a graphic, so that when the page is loaded it will show the graphic, but is not able to be right clicked on or downloaded to there desktop. Thanks Ryan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
