Protecting Your Images

Posted on September 07, 1999

in Code

by Mike Ashton (mashton)

Rated 0 (Add your rating)

Want more?

More articles in Code
More articles by mashton

Mike Ashton

Member info | Full bio

User since: August 30, 1999

Last login: August 30, 1999

Articles written: 2

Don't want people stealing your images off your site?

Well here is a solution I implemented for a client, that makes the only way to grab your image is thru a screen grab (see example here).

Now this is not an absolute solution to the problem since there isn't one, but this is best way I've been able to implement todate, without adding watermarks to the images.

There are two parts to this implementation.

First you require a cgi script (see image.pl below) that: 1/ checks to see if it's your page calling the image (using HTTP_REFERER) as you see I'll allow any page from the /test/directory to qualify. If you use another CGI ensure you explicity disallow it from qualifying. 2/ pipes your protected image from a safe directory 3/ ensures that the browser won't cache the image file by setting both the PRAGMA and EXPIRES headers. (even try viewing using page info)

Next part to the solution is to use javascript (see code in html example below) in your page to ensure the user can't use the image save feature by: 1/ loading a dumby image which appears when ever the mouse is over the image, thereby disabling the right mouse, save image as. 2/ using javascript to load the desired image, then swapping it with the dumby once loaded and whenever the mouse is NOT over the image.

Now also remember that your dumby image size has to be the same as the image you want to display, now this wasn't a problem for me since I ensured all of my clients photgraphs were the same size.

====  image.pl ===========
#!/perl
require "Cgi-lib.pl";
&ReadParse(*search);
if ($ENV{'HTTP_REFERER'} =~ m#http://www.ematchcorp.com/test/# ) {
  $expires='Expires: Wed, 26 Feb 1997 08:21:57 GMT\n';
  $pragma='Pragma: no-cache';
  $tmpfile="c:\\inetpub\\www\\ematch\\images\\$search{'file'}";
  open( FROM, "< $tmpfile" );
  binmode FROM;
  binmode STDOUT;
# Print out the contents of the image file.
  print "Content-type: image/$search{'type'}\n";
  print $expires,"\n";
  print $pragma,"\n"; print "\n";

  while (<FROM>) {
    print $_;
  } 
  close FROM;
} else {
  ## Unauthorized access
  print "Content-type: text/html\n\n";
  print "<html><body>copyrighted material</body></html>\n";
}
exit;
====== end image.pl========

==== begin index2.html==========
<html> <head> <title>image example</title> </head>
<script language='javascript'>
function ImageLoad() {
  window.status="Image cache test";
  iFake = new Image ();
  iFake.src = 'loader.gif';
  iReal = new Image ();
  iReal.src = '/cgi/image.pl?type=jpeg&file=img0064.jpg';
  document.images['slide'].src=iReal.src;
}
</script>
<body>

6 comments on this article. Log in to add your comment |

Submitted by MartinB on September 9, 1999 - 06:05.

Minor problem: When you get your contextual menu (right- or control-click), by the time you've moved your mouse down to the 'Copy' option, you're not over the image any more, and it's swapped back. I just copied it (NT/IE4) with no problems at all. Sorry!

Submitted by mashton on September 9, 1999 - 08:54.

Hmmm... interesting! So much for that idea. It appears that IE5 NN4 work. Even thought the image does switch in NN4 the reference stays to the loader.gif , sorry for the incomplete implementation.

Submitted by m3avrck on September 10, 1999 - 14:00.

There is a way to stop this is IE4+ and NN4+. Just use a layer and make its z-index above everything else in your page. Size this layer to take up the entire size of your page. That way when people right click, they are right clicking on the layer and not the image.

Submitted by catkins on September 17, 1999 - 22:58.

Ted's layer idea is probably a better option, but have you considered using the onclick event handler to capture right-clicks? You'd have to do it differently for Netscape/IE (what's new?) and there is always that silly "pop-up menu" button on the newer "Windows" keyboards. It's the 90/10 rule all over again. There is no way to prevent a determined individual from obtaining those images..

Submitted by themadman on May 9, 2000 - 02:13.

Um, isn't all this still of no use if the user has disabled Javascript? I'd like to suggest a solution that isn't 100% fool-proof, but will deceive most people. Just rename your .GIF files to .xyz (where xyz can be any extension you pick) and ditto with the .JPG files. Reference those images in your HTML. The browser displays the images by reading the file headers and will display them correctly. However, if someone does a right-click and "Save as", the weird extension you've picked probably won't have a viewer on the client machine. Of course, a screen capture will still get around this.

What about digital?

Submitted by haidary on April 10, 2002 - 16:03.

I read this artical a while ago. Shortly after I found DigiMarc. DigiMarc is a company that tracks digital watermarks for you online. This is not full proof but I like it anyway. It also allows for embeded 'invisible' watermarks in images that are going to be printed. If that image shows up in a publication later (without your permission), all you have to do to prove it's yours is take a copy of the image and drag it back and forth in front of a web cam. When this is done, special software finds the watermark in the image and connects to it's corosponding page online that displays copywrite information! I just find this means of protection a lot more secure, and a lot more interesting than most other options out thier right know. Check thier site out here- http://www.digimarc.com

Start of page header

Other Fine Evolt.org Sites

Navigation Starts

Article Categories

Highest rated articles

Submit

Recent comments

Main Page Content

Protecting Your Images

Want more?

Mike Ashton

What about digital?