If you're using a servlet to serve up images by name, you have plenty of ways 
to filter non-allowed users.

You can reference their sessionID to determine who they are, you can (as you 
said) check the referer to make sure that the request comes from the correct 
page, you can map the real filenames to an arbitrary string that changes with 
each request... etc., etc.





On Friday 12 December 2003 11:37 am, Christopher Schultz wrote:
> All,
>
> > It would be <img src="http://yourserver/yourservlet?param=paramValue"
> > alt="something">
>
> This still doesn't answer the "original" interpreted question. I don't
> think it's possible to display an image on a page and prevent users from
> browsing to it directly from their browser.
>
> The only thing I can think of is to check the REFERER header to see if
> it came from the page on which you want to display it. That's also not
> foolproof...
>
> -chris
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

-- 
Ben Souther
F.W. Davison & Company, Inc.
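
The session check and the per-request filename mapping mentioned in the reply above could be combined in a servlet as follows. This is an added example, not code from the thread; the class name, `IMAGE_DIR`, the `imageTokens` session attribute and the `issueToken` helper are assumptions, and the `param` parameter name follows the quoted `<img>` URL.

```java
import java.io.IOException;
import java.nio.file.*;
import java.security.SecureRandom;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.*;

// Hypothetical servlet: serves an image only for a one-time token issued to the caller's session.
public class ImageServlet extends HttpServlet {
    private static final Path IMAGE_DIR = Paths.get("/var/app/images"); // assumed location
    private static final String TOKENS = "imageTokens";                 // assumed attribute name
    private static final SecureRandom RNG = new SecureRandom();
    // Called while rendering the page: maps a fresh random token to the real file name.
    public static String issueToken(HttpSession session, String fileName) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        tokens(session).put(token, fileName);
        return token; // the page emits <img src="yourservlet?param=TOKEN">
    }

    @SuppressWarnings("unchecked")
    private static Map<String, String> tokens(HttpSession session) {
        synchronized (session) {
            Map<String, String> m = (Map<String, String>) session.getAttribute(TOKENS);
            if (m == null) {
                m = new ConcurrentHashMap<>();
                session.setAttribute(TOKENS, m);
            }
            return m;
        }
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        HttpSession session = req.getSession(false); // never create a session for an image request
        String token = req.getParameter("param");
        // remove() makes the token single-use, so the image URL changes with each request
        String fileName = (session == null || token == null) ? null : tokens(session).remove(token);
        Path file = fileName == null ? null : IMAGE_DIR.resolve(fileName).normalize();
        if (file == null || !file.startsWith(IMAGE_DIR) || !Files.isRegularFile(file)) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        String mime = getServletContext().getMimeType(file.toString());
        resp.setContentType(mime != null ? mime : "application/octet-stream");
        resp.setHeader("Cache-Control", "private, no-store"); // a cached copy would outlive the token
        Files.copy(file, resp.getOutputStream());
    }
}
```

Tokens that are issued but never redeemed stay in the session until it expires, so a deployed version would cap or age them out.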


