Topic: better image theft prevention support

Hi everybody and first of all thanks for providing simpleviewer!

The enableRightClickOpen="false" option is nice, it makes it a little bit more complicated to grab the images and save them on disk.
However, since the gallery.xml is always named gallery.xml, there is a simple way to get to the images: The gallery.xml file itself can be viewed in the browser directly and provides very easily all information required to grab the images. Those urls can then be entered to the browser and voila, I have the sourcefiles.

So its only a marginal improvement. What I suggest is not foolproof either but a little bit better:

If possible, have simpleviewer send the location of its own .swf file as referer request header for all requests to images and the gallery.xml files. Right now its not sending any referer at all (checked only for the gallery.xml).

If it would send a referer request header then it would be possible with a little Webserver configuration to prevent the download of the gallery.xml file for every referer except the location of the simpleviewer swf file.

For Apache webserver this would be something like this:

SetEnvIf Referer "/path/to/viewer.swf$" gallery_ref

<FilesMatch ".xml$">
       Order Deny,Allow
      Deny from all
       Allow from env=gallery_ref
</FilesMatch>

Of course, request headers can be faked as well. But I still believe this measure will make it substancially more difficult to grab the images.

Maybe you can consider it for a future release.

Thanks in advance!
Dominique

(edited the subject so it actually makes sense)

Re: better image theft prevention support

Hi, using this method it is still fairly easy to copy the images:
- Use a web-proxy to determine the jpg URLs.
- Screen grab the JPGs.

Felix Turner
SimpleViewer Support Team.

Re: better image theft prevention support

Like I said, its not secure and there never will be a secure solution. It only makes things more complicated.

Think about it,
Dominique

Re: better image theft prevention support

Using SV-Pro you can set the xml data path to be something other than 'gallery.xml'. Check section 2.6 in the SV-Pro docs.

Felix Turner
SimpleViewer Support Team.

Re: better image theft prevention support

Hi there and first of all thanks, too, for this fantastic application !

I tried something similar to what saloon12yrd did ( with the same
assumption that it would only make it a little bit harder to get to the
images ), using fo.addVariable("xmlDataPath", "otherdomain") and
Apaches mod_rewrite.

Got it working in IE and Opera, which send the referers, but funny
enough it doesn't work in Firefox, here the serverlog lacks
the referer, and the result is "Gallery not found".

Is this a SimpleViewer-Issue ?

Tried all FF-Versions I have and disabled all Addons, same effect.

Maybe sometime I'll get round to test this with a different
application, nevertheless any comment or help on this topic
would be welcome.

Thanks again, anyway !
D.

Re: better image theft prevention support

Hello again,

just for the sake of completion:
seems the developers of the Mozillacommunity regard
this behaviour as a feature.

bugzilla mozilla org SLASH show_bug cgi?id=410904

Regards,
D.