Errr.. right.. to a point - you can store something in the HttpSession that would indicate that a valid session was underway and to permit the tag to work. (per YS) In the end _it is_ still just a URL but there are 'other forces at work.'
> How does an image get displayed in a page?
>
> 1. The browser receives an HTML page with an IMG tag in it. The IMG tag
> contains a src attr (an HTTP URL).
> 2. The browser makes another request, for the URL of the image.
> 3. The server returns the image, which is displayed.
>
> Clearly, if you want an image to be displayed within a web page, the
> image must be available on your server. There is no difference between
> the browser making a request for an URL and the user typing that URL
> into the address bar directly. Maybe you can look at the referer field,
> but of course that can be hoaxed so if you are really trying to keep
> this secure that is not a solution.
>
> If you really want to only provide content to specific users, you must
> provide some sort of access control mechanism. The same mechanism should
> apply to images you wish to protect.
>
> This is all related to the fundamental workings of HTTP.
>
> HTTP is an integral part of how the web works - anyone thinking of
> designing a website (especially using scripting languages, servlets, or
> anyone trying to provide any type of security) should understand at
> least the fundamentals of HTTP.
>
> -Erik
>
> Christopher Schultz wrote:
>
>> All,
>>
>>> It would be <img src="http://yourserver/yourservlet?param=paramValue"
>>> alt="something">
>>
>> This still doesn't answer the "original" interpreted question. I don't
>> think it's possible to display an image on a page and prevent users
>> from browsing to it directly from their browser.
>>
>> The only thing I can think of is to check the REFERER header to see if
>> it came from the page on which you want to display it. That's also not
>> foolproof...
>>
>> -chris
>
> --
> http://www.spectacle.ca/
> The Online Source for Live Music in Montreal
> .::514.286.1699::.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
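The HttpSession check mentioned at the top of this message, combined with the access control point from the quoted reply, as an added example that is not code from anyone in the thread. The servlet class, the `authenticatedUser` attribute name and the `/WEB-INF/images/` location are assumptions; `param` is the query parameter from the IMG tag quoted above, and the `javax.servlet` API is assumed (newer containers use `jakarta.servlet`).

```java
import java.io.IOException;
import java.io.InputStream;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet mapped to /yourservlet. The images live under WEB-INF,
// which the container never serves directly, so this is the only route to them.
public class ProtectedImageServlet extends HttpServlet {
    // Assumed session attribute, set by the application's own login code.
    static final String AUTH_ATTR = "authenticatedUser";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // getSession(false): do not create a session just to test for one.
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute(AUTH_ATTR) == null) {
            // Same answer whether the URL was typed or came from an IMG tag;
            // the Referer header is deliberately not consulted.
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        String name = req.getParameter("param");
        // Accept only a plain file name so the parameter cannot select other paths.
        if (name == null || !name.matches("[A-Za-z0-9_-]{1,64}\\.(png|jpg|gif)")) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        try (InputStream in = getServletContext()
                .getResourceAsStream("/WEB-INF/images/" + name)) {
            if (in == null) {
                resp.sendError(HttpServletResponse.SC_NOT_FOUND);
                return;
            }
            resp.setContentType(getServletContext().getMimeType(name));
            // Keep shared caches from storing per-user content.
            resp.setHeader("Cache-Control", "private, no-store");
            in.transferTo(resp.getOutputStream()); // Java 9+
        }
    }
}
```

A user with a valid session can still open the image URL directly; the check restricts who can fetch the image, not how the request was made.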
