Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    New Coder
    Join Date
    Jun 2002
    Posts
    29
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Securing pictures

    I'm creating my own photogallery using a username and password theme.
    I'm using ASP-IIS.
    My question is how do I secure this picture http://www.mysite.com/pictures/picture.jpg from anybody viewing it. If they do a directlink like this I want them to come to a login screen. Does anybody know how to do this? If so please help me.
    Thanks

  • #2
    Supreme Master coder! glenngv's Avatar
    Join Date
    Jun 2002
    Location
    Philippines
    Posts
    11,048
    Thanks
    0
    Thanked 251 Times in 247 Posts
    I don't think you can detect and prevent a direct link to an image

  • #3
    Rockstar Coder
    Join Date
    Jun 2002
    Location
    USA
    Posts
    9,074
    Thanks
    1
    Thanked 328 Times in 324 Posts
    Providing you have physical access to the IIS server or at least you can get someone to make some small ajustments, you can easily secure the photos.

    You can just create a virtual directory to a folder on your server with the images. And then just set the permissions in IIS under the VD's properties and then under 'Directory Access' to not allow anymous access.

    The down side is that you either have to have an account on the domain/server for each person so they can login or and one account everyone uses.

    This may not be the most ideal way, but it would work. It depends on things like if it is for an intranet or internet.

    So then if someone types into their browser the direct link, the IIS authentication login window will pop up and if they don't have a valid username and pwd it won't let them through. Once they login, it won't show up again until their session timesout.
    OracleGuy

  • #4
    Rockstar Coder
    Join Date
    Jun 2002
    Location
    USA
    Posts
    9,074
    Thanks
    1
    Thanked 328 Times in 324 Posts
    Actually most hosts have directory browsing disabled for security reasons so you don't actually need to put a index.htm in all the folders. If there wasn't a file in the 'default document' list in the folder the person will just get a "Directory Browse Forbiden" error in their browser.
    OracleGuy

  • #5
    Regular Coder
    Join Date
    Jun 2002
    Location
    Cincinnati, OH
    Posts
    545
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Are you trying to protect poeple from stealing the pics or just from viewing them? If you are trying to protect people from stealing them then do not put them on the web. There a couple of things to make it more difficult, but not impossible. If you are just trying to keep people out set a cookie or session for a valid login. On your picture pages set something like

    If Request.Cookies("Login") = "Good"
    Look at all these images
    Else
    Response.Redirect "login.asp"
    End If


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •