Chris

Yes, the way my image server system (if I can call it such) works is
pretty much exactly what you are suggesting.

This issue, for me at least, is in the past-tense - i.e., already working code.
And yes, as I say above, the model I devised is pretty much what you
suggested.

Maurice Yarrow


Christopher Schultz wrote:

Maurice,

The answer is the latter:  authentication required.
In fact, there are three levels of privacy on these images and documents:
  public:      (everyone can view)
  passworded:  (password required for viewing: say, your
               family only.  This pw specific to these views)
  private:     (only you, the owner, have access - so only your
               login permits you to see these views)

Presumably, most views are public, but this has to be the owner's
decision, no?

If you want to check to see if a remote request for an image is valid,
you will have to run all your images through a servlet in order to
determine authorization.

Since each image could have different authorization settings, you can't
just use the servlet container's built-in authorization (set up in
web.xml). You will have to enforce this yourself.

Just configure your webapp to serve "/images/*" through a servlet that
you write. This servlet will check the permissions on the URI (I'm
assuming that you have this information in a database or other data
store), and then possibly consult the user and/or their relationships to
determine if the request should be served, or if you should return an
"access denied" image instead.

Would that solve your problem?

If so, I think your original question was poorly worded. I think we all
thought you were asking how to prevent downloading of images in general
(which is pretty much impossible... images served by web servers are
designed to be, well, downloaded).

-chris
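
An added example, not code from either poster: one way to write the "/images/*" servlet described above, covering the three privacy levels (public, passworded, private). It assumes the javax.servlet API (Servlet 3.0+) and Java 16+; the in-memory IMAGES map, the file paths, the owner name and the "unlockedImages" session attribute are hypothetical stand-ins for the application's own data store and password form.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Map;
import java.util.Set;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

@WebServlet("/images/*")
public class ImageGateServlet extends HttpServlet {
    enum Level { PUBLIC, PASSWORDED, PRIVATE }
    record Image(String owner, Level level, Path file, String type) {}

    // Constructed sample metadata; a real application would query its database.
    private static final Map<String, Image> IMAGES = Map.of(
        "/beach.jpg", new Image("maurice", Level.PUBLIC, Path.of("/srv/img/1.jpg"), "image/jpeg"),
        "/family.jpg", new Image("maurice", Level.PASSWORDED, Path.of("/srv/img/2.jpg"), "image/jpeg"),
        "/diary.png", new Image("maurice", Level.PRIVATE, Path.of("/srv/img/3.png"), "image/png"));

    // Per-image decision: the container's web.xml constraints cannot express this.
    static boolean allowed(Image img, String user, boolean unlocked) {
        if (img.level() == Level.PUBLIC) return true;
        if (img.owner().equals(user)) return true;       // owner always sees own images
        return img.level() == Level.PASSWORDED && unlocked;
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String key = req.getPathInfo();                  // part of the URI after /images
        Image img = key == null ? null : IMAGES.get(key); // exact-match lookup, never used as a file path
        if (img == null) { resp.sendError(HttpServletResponse.SC_NOT_FOUND); return; }

        // Hypothetical: the password form stores unlocked image keys in the session.
        HttpSession session = req.getSession(false);
        boolean unlocked = session != null
            && session.getAttribute("unlockedImages") instanceof Set<?> s && s.contains(key);

        if (!allowed(img, req.getRemoteUser(), unlocked)) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN); // or stream an "access denied" image
            return;
        }
        // Keep non-public images out of shared caches.
        if (img.level() != Level.PUBLIC) resp.setHeader("Cache-Control", "private, no-store");
        resp.setContentType(img.type());
        Files.copy(img.file(), resp.getOutputStream());
    }
}
```

The image files should live outside the webapp's document root so the container's default servlet cannot serve them directly and bypass this check.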




