Hi everybody and first of all thanks for providing simpleviewer!

The enableRightClickOpen="false" option is nice, it makes it a little bit more complicated to grab the images and save them on disk.
However, since the gallery.xml is always named gallery.xml, there is a simple way to get to the images: The gallery.xml file itself can be viewed in the browser directly and provides very easily all information required to grab the images. Those urls can then be entered to the browser and voila, I have the sourcefiles.

So its only a marginal improvement. What I suggest is not foolproof either but a little bit better:

If possible, have simpleviewer send the location of its own .swf file as referer request header for all requests to images and the gallery.xml files. Right now its not sending any referer at all (checked only for the gallery.xml).

If it would send a referer request header then it would be possible with a little Webserver configuration to prevent the download of the gallery.xml file for every referer except the location of the simpleviewer swf file.

For Apache webserver this would be something like this:

SetEnvIf Referer "/path/to/viewer.swf$" gallery_ref

<FilesMatch ".xml$">
       Order Deny,Allow
      Deny from all
       Allow from env=gallery_ref
</FilesMatch>

Of course, request headers can be faked as well. But I still believe this measure will make it substancially more difficult to grab the images.

Maybe you can consider it for a future release.

Thanks in advance!
Dominique

(edited the subject so it actually makes sense)