> From: "Ryan Holowaychuk" <[EMAIL PROTECTED]>
> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> Sent: Friday, June 20, 2003 2:26 AM
> Subject: [PHP] securing a graphic
>> Is there a way in PHP that I can secure a graphic, so that when the page
is
>> loaded it will show the graphic, but is not able to be right clicked on
or
>> downloaded to there desktop.
>>
>> Thanks
>> Ryan
>
>
>"Haseeb Iqbal" <[EMAIL PROTECTED]> wrote in message
news:LAW15->[EMAIL PROTECTED]
> yeah there is a way you have to use some third party tools for that.
> http://www.antssoft.com/htmlprotector/index.htm
> .php can't do this AFAIK
This "security tool" will stop 95% of the general public,
mostly by looking scary. Anyone who knows what they're
doing will go through it in about 20 seconds.
They work in three steps:
first, they have a decryption function which is url-encrypted:
function hp_d01(s) {
var
o="",
ar = new Array(),
os = "",
ic = 0;
for ( i = 0; i < s.length; i++ ) { // for each char in the
encrypted string
c = s.charCodeAt(i); // get the ascii value
if ( c < 128 ) // if 7bit ie all alphanumberics
and punctuation
c = c^2; // XOR with 00000010 ie flip
second-lowest bit
os += String.fromCharCode(c); // cast back to char and append
to working string
// this stuff is for working around Javascript's slow string
concatenation:
// work with a temporary string until it gets up to 80
characters long,
// then store it and start a new working string.
if ( os.length > 80 ) {
ar[ic++] = os;
os=""
}
}
// concatenate all the temporary strings to get the final
decrypted string
o = ar.join("") + os;
document.write(o)
}
second, they use their decryptor to expand a block of code
which tries to lock down the browser to as great an extent
as possible, encrypted in their custom code.
third, in the body of the page, they use their decryptor to
expand the actual body of the page.
Here is the page code with all the decryption/lockdown junk
stripped out:
<html>
<head><meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1">
<title>Sample page protected by HTMLProtector</title>
<STYLE type=text/css>
<!--
body, p, td, dd, dt, ul, ol, li, blockquote {font-family: "verdana",
"arial", "sans-serif"; font-size: 9pt; color: 111111;}
div.sidebar {font-size: 8pt; margin: 0}
h1, div.title {color: 000079; font-size: medium; font-weight: bold;
margin-bottom: 0}
h2 {color: 000079; font-size: small; font-weight: bold; margin-bottom: 0}
dt {color: 000079; font-weight: bold; margin-bottom: 0.5em; margin-top:
2em}
A:aalink {font-weight:bold; text-decoration: none}
-->
</STYLE>
</head>
<body bgcolor="#FFFFFF" text="#000000">
<h1 align="center">Sample page protected by HTMLProtector<br>
<br>
</h1>
<table width="100%" border="0">
<tr>
<td width="120">
<div align="center"><img src="/image/sample.gif" width="80"
height="80"></div>
</td>
<td width="874">
<p align="center">It's a sample text paragraph.<br>
<a href="/htmlprotector/index.htm">It's a sample link</a>.<br>
<a href="mailto:[EMAIL PROTECTED]">It's a sample email
link</a>.</p>
</td>
</tr>
</table>
<p>This page has been protected by HTMLProtector with follow features:</p>
<ul>
<li>Protect BODY section</li>
<li>Make page expire immediately</li>
<li>Disable Internet Explorer 6 image toolbar<br>
</li>
<li>Disable right mouse button</li>
<li>Disable text select</li>
<li>Disable off-line viewing</li>
<li>Don't display links in status bar</li>
<li>Disable page printing</li>
<li>Disable clipboard and printscreen</li>
<li>Disable drag and drop</li>
<li>Disable adobe acrobat web capture<br>
</li>
<li>Kill frame</li>
<li>Domain lock</li>
<li>URL lock</li>
</ul>
<p>Please take a look on what HTMLProtector can do for you!</p>
<p> </p>
</body>
</html>
As you are looking specifically for image
protection, notice the line
<img src="/image/sample.gif" width="80" height="80">
Try visiting
http://www.antssoft.com/image/sample.gif
Real secure, eh?
The bottom line is, the web page and graphic must
be publically available and decryptable in order for
people to view it in a browser. If the browser can
decode it, so can just about anyone that knows what
they're doing.
Also note, this scheme adds about 4 1/2 kb to
the size of your page and makes it unusable by
non-Javascript-enabled browsers. Why bother?
--
Hugh Bothwell [EMAIL PROTECTED] Kingston ON Canada
v3.1 GCS/E/AT d- s+: a- C+++ L++>+++$ P+ E- W+++$ N++ K? w++ M PS+
PE++ Y+ PGP+ t-- 5++ !X R+ tv b++++ DI+++ D-(++) G+ e(++) h-- r- y+
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
