-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Bill,
On 10/2/15 5:04 AM, Bill Ross wrote: > Thanks Andre for the well-considered reply. To Thad - thanks, I > also asked on stackoverflow after here. > > I believe I have solved the obfuscation problem independent of the > javascript issue. What I just got working is logically: > > img.src = "/images/" + /servlet/getnext(params) > > Where I now have a Servlet at /images that serves the file, thanks > to a generous coder at stackoverflow. I'll post the nicely designed > code here if anyone wants. Why not just use the DefaultServlet... that's what it's job already is. Or, do you need an image from a database or whatever? > I am adding a table to map random hashes to file names. I'll > insert there and have getnext() return the hash instead of the file > name. The new Servlet I just added will look up the hash, check the > age of the record and refuse it if older than a second, and then > serve up the mapped file from the filesystem with current date and > some flippant random file name in the headers. You could do your security-checking, and then simply forward() to the resource, then let the DefaultServlet actually serve the bytes. That allows you to use range-requests, etags, if-modified-since, and all that other good stuff. > So as far as I can see, the only thing not obfuscated is the image > itself and my ego, which is harmless here. What do you need to obfuscate? >> I can think of even more hare-brained schemes where for instance >> some Ajax function of yours could open a websocket connection to >> the server, and receive a stream of image objects from the server >> over that single connection and "plug" them into the page as >> appropriate. But any kind of thing like that would start to >> deviate seriously from standard practices, and need a serious >> effort of development and debugging before it could be considered >> as "production-level". > > This is exactly what I was fishing for, and I thought maybe it had > been solved in some javascript library. Do you need the image to be in an Image object, or do you want to put it into an <img> on the screen? If the latter, just change the value of the 'src' of the <img> and the browser will re-load the image from the server. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWDpT2AAoJEBzwKT+lPKRYdj0P/iTqUq5FTYeTgVjJtLXEMile 74ql5SalOtbERrTvyY72d4wHjlnWUYJCJeJOTWyDU3grJsG7OBxHpiWEQEI5c9GV xEhhGrlI1vOIdJ3gZRCgnrPDV8pdXTS4Sg8zEuLpW5ITRLEJsnHQz6yJDkbLofYz w9ACt/Dllv/kcJPHrIu9+J5xgLAEUPKIHuu1mM9TkTWeSYepuR8grm3A2GFO999D +5MIkd/XpkfTK88/yGP6Q2xtXgXAtnI5Ug0e5S72gkGFRsHYV5iWb9yBRoji7W09 G1uOJPm3xiCED2bLsiFBZmhgv/YrmCoVx4EbLnsYO/92tkHT1+2zly2bmKZc/AoC LXoWI/trEiE2MUWvYlwftyEZvBLsJQCqrHfo6MOwPNwY2YFhv+GYl7E5N+QcQZf5 eCu/vzCvsDZHz7QrVHwInDKXeD2iZ3JxMRVPFT7kIfD/aTzrlFEGqZ+hG/pYsjWh Gv1l2vmfQkPu7/wmhoCscdcqwk9SMCYOWvK7/5ehSyZl/j/4J/zkqnkbU10HlxO+ wVjt+cVYtrCHf7UXWInF86N5ZHSu9KVsmWdoMUUOxIFbGRQbSIvCVBzFPv+WIoR/ G/hURioQXqcICmslbbhw9QwINuRWz7gpcp+Ll7Jj+3furtxYQwv6IB/qJSWSi/Ih lvNUQAkYta9Y+ZUGYAfE =5ruo -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org