visit recently to get the image.
>
> Charlie
>
> > -Original Message-
> > From: Justin Ruthenbeck [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, June 10, 2003 1:41 PM
> > To: Tomcat Users List
> > Subject: Re: Urgent : Can we restrict access to a
.
Charlie
> -Original Message-
> From: Justin Ruthenbeck [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 10, 2003 1:41 PM
> To: Tomcat Users List
> Subject: Re: Urgent : Can we restrict access to a directory in tomcat
>
>
> At 04:27 AM 6/10/2003, you wrote:
> >Apologies if
lt;[EMAIL PROTECTED]>
To: "Syed Nayyer Kamran" <[EMAIL PROTECTED]>
Cc: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Tuesday, June 10, 2003 3:29 AM
Subject: Re: Urgent : Can we restrict access to a directory in tomcat
> There is no guaranteed way to stop someone d
Not sure if Catalina.policy will do the trick.
-Original Message-
From: G. Wade Johnson [mailto:[EMAIL PROTECTED]
Sent: June 9, 2003 9:51 AM
To: Tomcat Users List
Subject: Re: Urgent : Can we restrict access to a directory in tomcat
Unfortunately, this doesn't always work.
In the
ECTED]>
Cc: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Tuesday, June 10, 2003 3:29 AM
Subject: Re: Urgent : Can we restrict access to a directory in tomcat
> There is no guaranteed way to stop someone directly access a gif image
> via a browser url, because this is how an
just put the images in the database & serve them from there!
-Original Message-
From: Jens Skripczynski [mailto:[EMAIL PROTECTED]
Sent: Monday, June 09, 2003 8:42 PM
To: Justin Ruthenbeck
Cc: Tomcat Users List; Syed Nayyer Kamran
Subject: Re: Urgent : Can we restrict access to a direc
At 10:29 AM 6/9/2003, Dean Fantham wrote:
> The only potential method that can catch most (but not all) of these
> would be to create a separate image handling jsp/servlet, say
> imageHandler. When imageHanlder servlet recieves an image request it
> can check the http-referrer header and ensure th
Without more information about the intended application, this discussion
will continue to become more academic and less directly useful ... but,
really, what's wrong with that? ;)
If your app needs to serve images for non-authenticated users, but you want
to approximate security (as if you're
There is a very cool JSP/Servlet Filter developed for the Open For
Business project which allows you to control what pages can be directly
accessed via the address bar or other links. In other words, If someone
tries to directly access a non authorized URL, instead of being sent
there by re
There is no guaranteed way to stop someone directly access a gif image
via a browser url, because this is how an image is accessed by the
browser itself anyways. The browser just makes a HTTP get request to
the web-server (in this case tomcat) requesting the URL of the image to
be included in the
Very possible, I was just acknowledging my lack of experience in being able
to judge whether it was a good design overall or not...it would certainly
accomplish the "protect images" requirement, but I wasn't sure about any
others.
John
On Mon, 09 Jun 2003 09:12:49 -0500, Jacob Kjome <[EMAIL PR
Not to mention spoofing.
John
On Mon, 09 Jun 2003 08:50:50 -0500, G. Wade Johnson
<[EMAIL PROTECTED]> wrote:
Unfortunately, this doesn't always work.
In the past, I've had problems with IE not sending the Referer header
on some requests.
G. Wade
Tom Oinn wrote:
The other way to do it would be
I don't know why this would be any slower than tomcat itself? Tomcat
serves images by loading them as a stream from the default servlet and
returns them to the browser. It all depends on how you implement this. It
very well could be faster than Tomcat itself since a servlet dedicated to
serv
On Mon, 9 Jun 2003 21:52, John Turner wrote:
> Could you just put all of the images under WEB-INF, and use a special
> servlet to get them?
>
> The source attribute of the IMG tag would be something like
> /servlet/imgGetter?image=someUniqueKey.
>
> The servlet would just retrieve the image from th
Could you just put all of the images under WEB-INF, and use a special
servlet to get them?
The source attribute of the IMG tag would be something like
/servlet/imgGetter?image=someUniqueKey.
The servlet would just retrieve the image from the WEB-INF directory, and
spool it out as a stream.
I'
Unfortunately, this doesn't always work.
In the past, I've had problems with IE not sending the Referer header
on some requests.
G. Wade
Tom Oinn wrote:
>
> The other way to do it would be to check the referer page, this seems to
> be quite a common trick and will confound most people trying to
The other way to do it would be to check the referer page, this seems to
be quite a common trick and will confound most people trying to link
directly to your images (which is what I imagine you're trying to
prevent). There may be a more elegant way of doing it, but you could
create a servlet t
Store the images in your database & then your jsp can retrieve & show them.
-Original Message-
From: Shapira, Yoav [mailto:[EMAIL PROTECTED]
Sent: Monday, June 09, 2003 9:44 AM
To: Tomcat Users List
Subject: RE: Urgent : Can we restrict access to a directory in tomcat
Howdy,
Th
Howdy,
That one's tricky (and strange). When you have a servlet or JSP, the
output the user sees is HTML. In HTML, you have tags. The
browser will request those images normally in HTTP requests. So from
the server's perspective, the request is the same whether the user types
in the image URL
19 matches
Mail list logo
