Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Pages: 1
Generate a random image ID on upload
Hi,
I want to protect an image gallery with cbe_frontauth but my problem is that it is pretty easy to access to the uploaded images as their url’s are pretty simple to find with the id system. I read other posts and I know that it is not possible to change images url from id use to name use. That’s why I thought that a random id (like 263613211) could be safely enough for me. However, as you can imagine, it is a little bit long to assign this kind of id manualy with mysql and FireFTP. Do you think that it’s possible to randomize id’s in an easy way?
Thanks…
Offline
Re: Generate a random image ID on upload
Hi Nicolas,
only guessing here, but I don’t think it’s easy, the ids are probably auto-increment db index keys. But what about putting these .htaccess rules in your image directory (replace localhost with your domain):
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost.*$ [NC]
RewriteRule \.(gif|jpg|png)$ - [F]
</IfModule>Offline
Re: Generate a random image ID on upload
etc wrote #289417:
But what about putting these .htaccess rules in your image directory (replace localhost with your domain)…
I had already tried but I thought it didn’t work, probably because of the bowser’s cache… :-/
It is working well now ; thank you for replying!
Last edited by NicolasGraph (2015-03-26 09:37:21)
Offline
Re: Generate a random image ID on upload
NicolasGraph wrote #289430:
I had already tried but I thought it didn’t work, probably because of the bowser’s cache… :-/
It’s not only cache, but referrer too. If you right-click an image, and then “View image”, the browser (Firefox at least) sends the referrer, so the image is loaded even on hard-refresh.
Offline
Re: Generate a random image ID on upload
etc wrote #289433:
It’s not only cache, but referrer too.
Oh… ok. To limit the image caching (and referrer?), I’m using a little hack like so: <img src='<txp:image_url />?=<txp:posted format="iso8601" />' to display the protected images on the site. Of course you can still use the right click… Do you think that using the current time as a variable could be better as it would be always different? I don’t “speak” PHP but I think that it could be quiet easy to do… (?)
Edit: Reading back my post I’m thinking it would probably change nothing… When the image is displayed with the right click, it is “in” the referrer, doesn’t matter what is the variable, right?
Last edited by NicolasGraph (2015-03-26 09:42:09)
Offline
Re: Generate a random image ID on upload
I don’t understand your question: if an image is already loaded by the browser, there is no really safe way to protect it from copying. I have played with it here, but it’s a joke. I don’t think .htaccess rules are unbreakable too, but this keeps Joe Average from hotlinking images by guessing their URL.
Offline
Re: Generate a random image ID on upload
etc wrote #289439:
I don’t understand your question:
In fact, my last edit, and this:
if an image is already loaded by the browser, there is no really safe way to protect it…replied to me. The question was a little bit 8-/
Anyway, what I trying to protect are not the Queen’s jeweleries… ;-)
Thank you Oleg.
Last edited by NicolasGraph (2015-03-27 11:02:10)
Offline
Pages: 1