Apologies if I'm missing the point, but why can't you store/retrieve your image from a blob field in your database ?
You could, but the question is really, "How do I stop people from directly linking to my images (ie: only allow them to see the images if a jsp/servlet produces the page)?" Among other possibilities, this could be because you have images or other resources (celebrity photos come to mind) that other sites want to serve off of yours. If you've got a jsp/servlet app that is non-session based, how would you go about preventing this?
A couple solutions have been offered -- all based on an authentication filter/servlet to decide whether the resource should be served. The question is: how should that filter/servlet make that decision?
justin
----- Original Message ----- From: "Dean Fantham" <[EMAIL PROTECTED]> To: "Syed Nayyer Kamran" <[EMAIL PROTECTED]> Cc: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Tuesday, June 10, 2003 3:29 AM Subject: Re: Urgent : Can we restrict access to a directory in tomcat
> There is no guaranteed way to stop someone directly access a gif image > via a browser url, because this is how an image is accessed by the > browser itself anyways. The browser just makes a HTTP get request to > the web-server (in this case tomcat) requesting the URL of the image to > be included in the web page. > > i.e. in a standard jsp/servlet response to a web request the image > request is embedded in a <img src=".../somedir/some-img.gif">. This is > going to cause a browser request directory to the directory containing > the image, which can also be duplicated in the browser. > > The only potential method that can catch most (but not all) of these > would be to create a separate image handling jsp/servlet, say > imageHandler. When imageHanlder servlet recieves an image request it > can check the http-referrer header and ensure that the referrer is the > url of the page to which the images are supposed to load, i.e. is the > page containing the images in /servlet/somepage then the http-referrer > that imageHandler see should be able to checked that it is > /servlet/somepage. Someone can circumvent this control by the Internet, > but just manually setting this header themselves (via a program or the > like) and then having access directly to the images > > You would then have to update all image referrences on the somepage > servelt/jsp however to something like <img > src="/servlet/imagehandler?gif=somerefernce">. > > > > On Mon, 2003-06-09 at 18:32, Syed Nayyer Kamran wrote: > > > hi there, > > > > I want to restrict the user to access the images directly through the web. They should be able to access these images through web pages developed as jsp/servlet but should not be able to access these images displayed on page by copying the image url to the address bar. Is tomcat directly support this functionality. or any other solution. > > > > Thanks in advance for any solution of the problem. > > > > > > Nayyer Kamran > >
____________________________________ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential See http://www.nextengine.com/confidentiality.php ____________________________________
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
