tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Secured photo rendering
Date Tue, 09 Mar 2010 15:08:37 GMT
David kerber wrote:
> Caldarale, Charles R wrote:
>>> From: André Warnier []
>>> Subject: Re: Secured photo rendering
>>> But it should not, if the server sends the image with the appropriate
>>> "no caching" and/or "expires" HTTP headers.
>> The headers don't matter, since the client has the image in hand.  
>> Browsers, for example, allow a right-click to save the image, 
>> regardless of the caching state.
> I've seen javascript used to prevent right-clicking to save the image, 
> but nothing can prevent them from taking a screen shot.
>>> Now how one would set such headers easily in Tomcat for static
>>> documents, that I don't know.
>> Filters - but it won't help.
Ok guys, I may have misunderstood the issue.
I agree that nothing will help, to stop a client doing anything it wants 
with anything that your server has already sent to it.
That's a basic truth for anything www-wise (which hasn't stopped people 
spending fortunes to try and prove the opposite).
But I (mis?-)understood the issue as being that the OP wanted to force 
browsers to reload some images from the server each time, and not use a 
(possibly stale) cached copy.
In that case, the HTTP headers should help.
Of course, only with well-behaved browsers.
But hey, even IE is getting better with time.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message