开发者

image protection in rails

开发者 https://www.devze.com 2022-12-28 16:18 出处:网络
I am looking for ways to protect my product images and I don\'t know if there\'s anything out there bett开发者_开发百科er than what I\'ve already found: disable right click, use a transparent image in

I am looking for ways to protect my product images and I don't know if there's anything out there bett开发者_开发百科er than what I've already found: disable right click, use a transparent image in front of your picture and watermarking. Obviously none of them is perfect but I was curious if someone came up with a better solution to this problem.

Also is there any rails plugin to aid with that ?

Thanks


I really, really hate blocking right mouse click. It reminds me nineties when on right mouse click you get message that coping of this site is forbidden ;).

You can't protect your picture. For me the best way is just to put some copyright information and that's all.


There is no way you can do that at all, that is just smoke.

When you uses images in your website, they are downloaded to the client and they can be found in the cache, even if you try to block the user from right clicking and saving it.

They can even look at your html/css/javascript find the location for your picture and put that in their address bar.


You can't stop people from pinching images on the internet, so don't waste your time trying. Instead use a combination of strongly worded copyright messages underneath the image, and only store low-resolution files on the server.

For a photography site I've built in Rails, I have Paperclip trash the original high-resolution photo after it has generated a selection of smaller thumbnails. Combine it with a watermark in a corner of the image and you should have enough to make it a pain to steal a high-quality image, while not inconveniencing users.

Frankly, if I was to visit your website and you'd disabled right-click, I'd be gone in a matter of seconds.


I was looking for something similar, but for random images. I have not found anything so I thought I'd contribute here.

My last solution, using signatures, is something that could be applied here, though with some modification which I have also included at the bottom.

We should differentiate between (at least) two things:

A. Prevent someone saving images from within their browser.

B. Prevent someone writing a script to rip all of your images automatically.

Solutions:

A.

Pretty much impossible and also not what you want. Imagine a website that hassles you when you try to use your browser the way it was meant to be used. Right you'd be unhappy. There are perfectly legitimate reasons for someone to want to save an image, the most basic and flattering one would be to use it as a wallpaper on their computer or phone.

The best solution would be to include a watermark. That way people are reminded of where the images are from and they can still use them for private things.

I think this general rule applies on the internet: if you don't want it to spread outside of your control and you receiving credit: don't put it online.

B.

This is a less nice scenario. The most basic thing I've once done to make ripping images somewhat harder is to a. use unpredictable urls to images and b. create a script on your server that when called will fetch an image from your file system and then output this image. For example: http://example.com/some_image.php The code is really simple:

<?php
$name = './img/ok.png';
$fp = fopen($name, 'rb');

header("Content-Type: image/png");
header("Content-Length: " . filesize($name));

fpassthru($fp);

Source: SO answer on the topic

So what I have done once is I created a script like above, but added a timing option in there so that calling it (from the same session) twice within lets say 10 seconds would return the same image. This way an automated script could only go as fast as 1 image every 10 seconds. Additionally you could make the url contain some sort of timestamp hash:

http://example.com/some_image_$(md5(Time.now + "secret")_Time.now).png so for example:

`http://example.com/some_image_aihfio1n...oi12nof_1396723820.png

What you'd do to check if fetching the image is allowed is:

You take the requested file name, strip off 'some_image' and then the md5 hash. You then check if the given time ('1396723820') is within now and 10 minutes (allow for fluctuation). Then check if the hash is correct for that timestamp + 'secret'.

You can see this as a signature that is sometimes used in digital communication, although very basic and not very strong or anything.

Using this method for your production images could be something like this:

http://example.com/some_image$(md5($image_id, "secret",$timestamp))_$image_id_$timestamp.png

$image_id here is some sort of static identifier for your image (file_name, id of the product in your db, etc).

Please anyone, correct me if my assumption that this makes it harder to predict file paths is incorrect. In the end, the first rule to creating encryption patterns is "don't do it". So is the second. But this is a fairly innocent one to play around with.


have a look on how commercial image suppliers (like iStockphoto.com) protect their images that and see if that fits your need.

0

精彩评论

暂无评论...
验证码 换一张
取 消