Did you post this in /dev/null or was it moved here?

Yeah i posted it in the wrong area.


Matt..

Relocated to "Got Questions."

(/dev/null is a kind of "garbage can" and things get moved there if they violate rules or are off topic. Some people assume anything in /dev/null is there to be criticized.

Let's see what kinds of responses you get.

I am not very strong with windows, but there are people here who are.

ok Got it Dev/Null and Fucktard hall is the naughty corner for stupid people okay.

Well, what kind of web site is it and what is being offered? Are you doing ECommerce? Do you have web applications running? PHP? ASP? These things all have security issues surrounding them. Rather than looking to secure the website, be looking into securing the supporting infrastructure of the website (PHP, ASP, SSL, etc) and the individual components of the website (shopping cart, web apps).

As far as mysql security goes, you'd be far better off getting a book on it. Theres quite a bit to it.

this may come across as a rather harsh reply, so i apologize in advance for that...

i (and a few others here who i can think of) may not want to help someone with a question like this since "preventing hotlinking of images" is, in the minds of a number of individuals, a stupid thing to try to accomplish. i can elaborate why...

1. it contravenes the basic purpose and premise of the web. files are offered by a web server to whomever makes an appropriate GET request. receipt of files should not depend on other files pulled or referrer data.

2. most of the "blocking" technologies rely on referrer information, which many power users, privacy advocates, etc block in their local proxies. (because of the fact that no web site deserves to know where you were coming from or where you're going next)

3. if you don't want an image to be viewed by anyone and everyone through any means they wish, then maybe it shouldn't be on the web. (this is also a response to the "they're sapping my bandwidth" argument)

4. any solution you employ will be mediocre at best... blocking only some hotlinkers while also confounding a whole array of legitimate users. (the same goes for the "disable right clicking" code... this doesn't block ANYONE who you are trying to stop, it only befuddles and irritates basic users. you think a single person on this forum would allow a remote site to dictate how their browser can operate or what their mouse is allowed to do?)

sorry for the rant... but that's my $0.02. if you still want to pursue this innane venture, Mister Google has what you need.

I'm not sure who said this, but I'm almost 100% sure it came from these forums:


There is not much you can do to stop someone from doing a screen capture, so efforts in this area are futile.

well, he didn't specify if his desire is to control ALL dissemenation of the images or only to limit how viewing images impacts his bandwidth. most people who try these sort of shenanigans are trying to ensure that no users can ever view an image unless it's nestled into the larger context of the web page that the site owner created. (a similar argument is made with respect to deep-linking)

those who endeavor to enact hot-linking prevention and deep-linking prevention can go jump in a lake, since it's both futile and will piss off a ton of people... no amount of "benefit" gained from the practice can outweigh that fact, especially if you're selling something online. i for one will immediately refuse to purchase a single thing from a web site if it's the slightest bit difficult for me to use with my beefed up security/privacy/proxy settings. (if the site requires java, javascript, flash, or god-knows-what-else just to navigate pages, etc. then it's "thank you and goodnight" for me)

I would like to purchase your excellent security services. To allow me to transfer my money to your bank account, please provide your routing number and account number here. They're the numbers at the bottom of your checks. This will allow me to send you money cheaply.

I eagerly await your valued response.

Kallahar, do you take checks drawn on Nigerian banks?

Dear Readers,

well thank you for your input . What i was trying to say was since i have a modeling company there will be photo's in (smaller format) but i need it so they cannot copy them since they will be in a photo album format for companys to buy website content. Since the models are under the 2257 regulations under federal law we have to make sure some photo's or videos are protected. i was not stating every single photo or well every single video etc. My site will be a awsome site we will have alot of stuff people can download and do but well there is just some area's that need tighter restrictions is all.

Matt.

No actually i value your input thats why i asked questions.

Matt...

Real Models or Porn? Just Wondering..

If you have the photo in a loser-res format there are plenty of things you can do to try to stop the average user from taking those images. However, anyone who is even slightly above average (and the people you try to stop) will easily be able to grab the images.

I however must disagree with Deviant on the hotlinking issue. But not for the same reasons as you. If I post a file on my website, I get pissed when someone hotlinks it and tries to steal my bandwidth. If Bandwidth was free, maybe I wouldn't care, but it's not and I do.

Try looking at this forum and ask them, they will probably be of great help: http://www.webmasterworld.com/forum92/3270.htm

Well, theres a number of things you can do. With JavaScript you can disable the right-click 'Save this Image as' option. However, that will only stop the weak and the stupid. Using things such as ASP and PHP (not sure what your backend is) you can dynamically create pages and make it much harder for remote browsers to find your images. Also, good file permissions on your image directories is a major issue. A lot of porn sites (nothing derogatory here, but thats what it sounds like you run..and a good chunk of the forum users are large consumsers of said material) dont lock the access to their directories in such a way that only the web server or backend server can access them. Thats how you end up being able to do a "index of" /donkeyfucking in google and find top level directories full of pics for the taking.

The porn sites out there that have 'made it' and are established have become masters in blocking/restricting this sort of thing. If, for example, everyone discovers some new google functionality that lets them see free porn, watch how within a few days half the sites are no longer accessable. I'm sure theres some sort of group/affiliation for Adult Site Webmasters/Architects/Content Builders that covers this kind of stuff, after all its a problem any good porn site faces.