11-04-2009, 01:57 AM
I have seen websites that have test.php?file=blah.jpg for example that disables image saving (because it saves as a PHP file and hides the path) yet shows the JPG when it is requested by a browser. How would I go about replicating this?
EDIT: Renaming it to a jpg displays the real image.. is there any other way through PHP without putting a watermark?
11-04-2009, 04:06 PM
And how are you going to prevent someone just going to their cache folder and finding the image there?
Bottom line, if the browser can get it, the user can get it. The only way to prevent image save is to not publish the image.
11-04-2009, 04:08 PM
Anyway, what you mention is really just a PHP page set up to direct file requests based on a database of locations. The script runs on a call to the page - which the browser makes for the image location - and it returns the file location to the browser. Even if the source code doesn't reveal the image location on the server the browser still knows where to find it - just check out Firefox/Firebug. Really, you could get pretty intricate with the implementation and make it virtually impossible for the average joe to find your true image path and these same people could still rip you off with low-tech options.
Pursuing this method of image "protection" would be a waste of time overall. The only real way to protect an image on the web is to add a water mark.