On Mon, 9 Jun 2003 21:52, John Turner wrote: > Could you just put all of the images under WEB-INF, and use a special > servlet to get them? > > The source attribute of the IMG tag would be something like > /servlet/imgGetter?image=someUniqueKey. > > The servlet would just retrieve the image from the WEB-INF directory, and > spool it out as a stream.
That is the way I would do it and I've just done something similar but with PHP instead... Basically you store the images either outside the document root ie. in WEB-INF for Tomcat or if using Apache you can use a .htaccess to deny from all instead, then you have your usual security framework within your web app and only allow authorised users to see the images. Although once you have served that image there is nothing you can do to stop people from using it, I wouldn't even waste your time looking at Javascript to block right clicks or anything like that, a quick disable of javascript gets around that one... Regards, -- Jason Bainbridge http://jblinux.org --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]