Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 90394 invoked from network); 28 Oct 2006 19:11:01 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 28 Oct 2006 19:11:01 -0000 Received: (qmail 85625 invoked by uid 500); 28 Oct 2006 19:10:54 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 85599 invoked by uid 500); 28 Oct 2006 19:10:53 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 85574 invoked by uid 99); 28 Oct 2006 19:10:53 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 28 Oct 2006 12:10:53 -0700 X-ASF-Spam-Status: No, hits=0.5 required=10.0 tests=DNS_FROM_RFC_ABUSE X-Spam-Check-By: apache.org Received-SPF: neutral (herse.apache.org: local policy) Received: from [206.18.177.51] (HELO alnrmhc11.comcast.net) (206.18.177.51) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 28 Oct 2006 12:10:40 -0700 Received: from best.com (c-24-6-61-94.hsd1.ca.comcast.net[24.6.61.94]) by comcast.net (alnrmhc11) with SMTP id <20061028191019b1100fmnr8e>; Sat, 28 Oct 2006 19:10:19 +0000 Message-ID: <4543AB14.7000809@best.com> Date: Sat, 28 Oct 2006 12:10:12 -0700 From: Maurice Yarrow User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1) Gecko/20031114 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Tomcat Users List Subject: Re: Tomcat Security References: <45427D79.2060504@christopherschultz.net> <45429DA0.2060601@best.com> <45434E9E.7070807@christopherschultz.net> In-Reply-To: <45434E9E.7070807@christopherschultz.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Chris Yes, thank you for clarifying you question: The answer is the latter: authentication required. In fact, there are three levels of privacy on these images and documents: public: (everyone can view) passworded: (password required for viewing: say, your family only. This pw specific to these views) private: (only you, the owner, have access - so only your login permits you to see these views) Presumably, most views are public, but this has to be the owner's decision, no ? Maurice Yarrow Christopher Schultz wrote: >>Silly question for Maurice: why are you trying to protect your images? >>Do you want to stop people from ripping them off from your site? >> >>It's not my call, but the customer's. >> >> > >You still didn't answer the question: what is the goal, here? Do you >want to "prevent" linking to your images from other pages? Prevent >people requesting the images directly? How about "nobody gets an image >unless they are authenticated?" > >-chris > > > > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org