Can i hide the real image path in a PHP page or use somekind of encryption [so viewers can't see the img src] ?
[ I've created a social network where user can share image or not ! The images are stored not in the database.] ]i've seen some PHP page showing image with such data [though i'm posting a VB.NET code]
<data name="TrayIcon.Icon" type="System.Drawing.Icon, System.Drawin开发者_如何学编程g" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>
AAABAAEAICD/AAAAAACoCAAAFgAAACgAAAAgAAAAQAAAAAEACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AABnZEsAjnMTAKmFFAC7lBsAdWEhABstOgAfNE0ARlt0AG6DmABziJsAN0NTAEpRVABWW1wAS0ktAElj
iwBPbpEAQ1yBADlPcwBdc4gAPT9CAEY6EABUeaoAWIO4AGWCqQBdd5sAPVV7AHWPlQB3jZ8Ae5GjACs0
PwAyJgUANTk6AFRphABbicEAZJLJAGGPxABjhroAdZClAHWIjgBne4wAZm9rABQWFQAwNDEANkpjAG2Y
................
</value>
</data>
You can make a PHP page which get some params, and handle it then. Like a page http://www.yoursite.com/pic.php?token=xxxxxxxxxxxx, here you can handle the token, do some role authentication and session authentication, and then use header() function to push the pic to the browser so that people can download it but not seeing the pic path directly. Hope this help you.
What does it mean to hide the image src path? If you want the user's browser to display the image, surely they must access the data, right? So you have to tell them the address (unless you're embedding the image in the page in base64 or something, but this isn't better). But you don't control the user's browser... maybe it's storing the image in a file, as cache? Or maybe the user tailored it to do what they wanted?
One possible protection to make things harder would be to generate a unique link to the image which would only work for one request, the assumption being that if the user looks at the source code of the page and tries to use this link, then it's not valid anymore. But this is no absolute protection.
There is no sure way to do what you intend; you can only make it harder, but you only can hope that your users won't be smart enough to circumvent the protection, because there will always be a way.
It's not possible to build a system that totally protects your images from download, because of these attack vectors:
-Screenshots of the page
-Interception between the server and the client, (i.e. Wireshark)
-Looking in the browser cache
精彩评论