Protecting Images

bandit8

Hi,

I have a Flash application that calls in high-quality images from a folder on my server (using urls in an XML file). The worry is however that people will take these images and be able to use them for their own purposes without my permission.

I tried password protecting the images folder using .htaccess, and then in flash I appended the username and password to the url to give it access (i.e. http://username:myPassword@mysite.com/myImages) ... and that works for keeping people out of the 'myImages' folder, and also allows Flash to pull in the picture. The problem is though, that in Safari (and I imagine other browsers as well), if I open the 'activity' window, it shows all of the various files (php scripts, images, flash movies) etc. currently being used by that webpage, and in the line where it shows flash calling in the image, it includes the user name password! I had been hoping it would just show the link to the image...but its showing 'http://username:myPassword@mysite.com/myImages/mypic.jpg'

Obviously this is unacceptable since anyone who is smart enough to open the 'activity' window has the username/password right on display for them!

Any ideas on how I could protect these files using PHP (or anything else you can think of), and still be access them through Flash? ...or how to make it so that the username/password aren't visible through things like the Activity window??

Any suggestions would be greatly appreciated,

Thanks!
-b.

dagon

i could take a screen shot of the page and steal them, you probably want to watermark them

bandit8

dagon;10883618 wrote:
i could take a screen shot of the page and steal them, you probably want to watermark them

Hi dagon,

You raise a very good point, and watermarking woudl def. be the easiest method if it didn't affect the purpose of the application... as the images need to be shown in their original state. However, when they are displayed in flash, they are scaled down to about 50% of their actual size, and so the quality is diminished enough that I am not concerned about people taking screen shots and stealing them.

I'm wondering if it's possible to place the images in a folder on the server that is not accessible to the web, and somehow still accessing the url through Flash? (not sure if that makes sense)

-b.

Weedpacket

You could build encryption into the Flash application, and serve an encrypted file; at the same time require the file to be retrieved in several separate chunks that have to be reassembled by the application. (This is not entirely dissimilar to Youtube). To get at the image then would require reverse-engineering the Flash application and its decryption mechanism.

bandit8

Weedpacket;10883662 wrote:
You could build encryption into the Flash application, and serve an encrypted file; at the same time require the file to be retrieved in several separate chunks that have to be reassembled by the application. (This is not entirely dissimilar to Youtube). To get at the image then would require reverse-engineering the Flash application and its decryption mechanism.

Hi Weedpacket,

Thanks for your reply. The idea of having the file retrieved in several separate chunks and then reassembled by the app. is a good one, and I had thought about doing that but still didn't know how to avoid having the location of those pieces being visible....Plus there are going to be 100's of images that are used by this app...so I was hoping to avoid that route, as that would be a lot of work to have to go back and batch out all the images chopped up!

Can you expand a bit more on building encryption into the Flash application, and serving an encrypted file?

Thanks again,
-b.

Weedpacket

Not really, to be honest; I've never done much Flash programming myself, just worked with others who did. You might get some idea from a Flash forum (and someone there might know of an encryption library already available that you can use). But a really basic example would be to keep a string of random bits inside the Flash application, and have the file XOR'd with this noise when it's served; when the Flash application receives it, it XORs what it receives with the noise again, recovering the original data.