Hiding img src paths from code?
I suspect that this is impossible, but I'm trying to be optimistic...
I'm running a site that uses jquery & php. Via ajax, I'm dynamically loading images to a page. The problem is that the paths to the images are visible when you view the source of the page. I'm trying to figure out if it's possible to prevent the path from displaying? I just don't want anyone seeing those paths or being able to access them. 开发者_如何学JAVASo, I don't know if there's some sort of magical programming solution or something to do with htaccess, but if anyone knows how to accomplish this, I'd appreciate pointers / links / or brilliance...
As the browser needs to know where to fetch the data from, it cannot be hidden easily.
But you can it make the "attacker" a little bit harder. E.g., you can give URLs with a script behind loading the given images. The script does so only if called with the correct Referer:
header.
Are Data URIs an option for you?
If not, preventing hotlinking (via Referer
) would be the way I would do it, possibly with some obfuscation (depending on your user base).
Everything that's visible to the browser is visible to the clever user in one way or the other
You can hide them from lamers, but not from programmers
Anti-lamer techniques can include:
1) setting data-mangled-src attribute to something like ROT13(real-src), then doing
$('img').each(function () { $(this).attr('src', ROT13($(this).data('mangled-src')))})
2) setting some data-id attr, then AJAX-requesting the src from the server
But anyway, the URL goes to the browser, then it's visible to the user
3) And, of course, you can load your images into flash 'viewer', which is probably the most advanced way of hiding them
So... If you make the load path an internal link in php Requested through Ajax that should hide the path in network inspector... By this I mean maybe query a db that generates a temp path to the image that expires...
Then with the loaded image you could save it a canvas element... Thus no src
There are a few ways you can go about hiding image URLs.
- Use a plugin: you can use flash, a java applet, etc to load the images
- Use a traffic cop: you can set the source of all the images to a single PHP script, with some kind of parameter to specify which image you want. That script can check sessions variables / referer / whatever you want; if everything checks out, you can do a file_get_contents() to load the actual url of the image, then echo that out to the browser.
I've created a website to help you hide the image src of your precious photos and images.
My website will hide the source path of your image, and it also allows you to 'Lock' your photo to a specific domain eg. example.com so that the photo will only display example.com and not on facebook.com or wherever the link to the photo is reposted.
http://hideimgsrc.com
It's easier and faster than a java script based solution.
精彩评论