> The second question is, why do you want to protect them? If you're > trying to prevent unauthorized users from accessing them, protection > makes sense. But if you want to force authorized users to view them > only embedded in an HTML page rather than directly -- you can't. If > the browser can download it to decorate an HTML page with, it can also > display it directly.
For the sake of argument: You should be able to do this to some extent by requiring a 'referer' header from your domains/ips. That can easily be hacked, and I think 'open in new window' on most browsers would send the header... but curl/wget would likely fail. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to pylons-discuss@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en -~----------~----~----~----~------~----~------~--~---