tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Secured photo rendering
Date Tue, 09 Mar 2010 15:08:37 GMT
David kerber wrote:
> Caldarale, Charles R wrote:
>>> From: André Warnier [mailto:aw@ice-sa.com]
>>> Subject: Re: Secured photo rendering
>>>
>>> But it should not, if the server sends the image with the appropriate
>>> "no caching" and/or "expires" HTTP headers.
>>
>> The headers don't matter, since the client has the image in hand.  
>> Browsers, for example, allow a right-click to save the image, 
>> regardless of the caching state.
> 
> I've seen javascript used to prevent right-clicking to save the image, 
> but nothing can prevent them from taking a screen shot.
> 
> 
>>
>>> Now how one would set such headers easily in Tomcat for static
>>> documents, that I don't know.
>>
>> Filters - but it won't help.
>>
Ok guys, I may have misunderstood the issue.
I agree that nothing will help, to stop a client doing anything it wants 
with anything that your server has already sent to it.
That's a basic truth for anything www-wise (which hasn't stopped people 
spending fortunes to try and prove the opposite).
But I (mis?-)understood the issue as being that the OP wanted to force 
browsers to reload some images from the server each time, and not use a 
(possibly stale) cached copy.
In that case, the HTTP headers should help.
Of course, only with well-behaved browsers.
But hey, even IE is getting better with time.



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message