image protection in rails - javascript

I am looking for ways to protect my product images and I don't know if there's anything out there better than what I've already found: disable right click, use a transparent image in front of your picture and watermarking. Obviously none of them is perfect but I was curious if someone came up with a better solution to this problem.
Also is there any rails plugin to aid with that ?
Thanks

I really, really hate blocking right mouse click. It reminds me nineties when on right mouse click you get message that coping of this site is forbidden ;).
You can't protect your picture. For me the best way is just to put some copyright information and that's all.

There is no way you can do that at all, that is just smoke.
When you uses images in your website, they are downloaded to the client and they can be found in the cache, even if you try to block the user from right clicking and saving it.
They can even look at your html/css/javascript find the location for your picture and put that in their address bar.

You can't stop people from pinching images on the internet, so don't waste your time trying. Instead use a combination of strongly worded copyright messages underneath the image, and only store low-resolution files on the server.
For a photography site I've built in Rails, I have Paperclip trash the original high-resolution photo after it has generated a selection of smaller thumbnails. Combine it with a watermark in a corner of the image and you should have enough to make it a pain to steal a high-quality image, while not inconveniencing users.
Frankly, if I was to visit your website and you'd disabled right-click, I'd be gone in a matter of seconds.

I was looking for something similar, but for random images. I have not found anything so I thought I'd contribute here.
My last solution, using signatures, is something that could be applied here, though with some modification which I have also included at the bottom.
We should differentiate between (at least) two things:
A. Prevent someone saving images from within their browser.
B. Prevent someone writing a script to rip all of your images automatically.
Solutions:
A.
Pretty much impossible and also not what you want. Imagine a website that hassles you when you try to use your browser the way it was meant to be used. Right you'd be unhappy. There are perfectly legitimate reasons for someone to want to save an image, the most basic and flattering one would be to use it as a wallpaper on their computer or phone.
The best solution would be to include a watermark. That way people are reminded of where the images are from and they can still use them for private things.
I think this general rule applies on the internet: if you don't want it to spread outside of your control and you receiving credit: don't put it online.
B.
This is a less nice scenario. The most basic thing I've once done to make ripping images somewhat harder is to a. use unpredictable urls to images and b. create a script on your server that when called will fetch an image from your file system and then output this image. For example: http://example.com/some_image.php The code is really simple:
<?php
$name = './img/ok.png';
$fp = fopen($name, 'rb');
header("Content-Type: image/png");
header("Content-Length: " . filesize($name));
fpassthru($fp);
Source: SO answer on the topic
So what I have done once is I created a script like above, but added a timing option in there so that calling it (from the same session) twice within lets say 10 seconds would return the same image. This way an automated script could only go as fast as 1 image every 10 seconds. Additionally you could make the url contain some sort of timestamp hash:
http://example.com/some_image_$(md5(Time.now + "secret")_Time.now).png so for example:
`http://example.com/some_image_aihfio1n...oi12nof_1396723820.png
What you'd do to check if fetching the image is allowed is:
You take the requested file name, strip off 'some_image' and then the md5 hash. You then check if the given time ('1396723820') is within now and 10 minutes (allow for fluctuation). Then check if the hash is correct for that timestamp + 'secret'.
You can see this as a signature that is sometimes used in digital communication, although very basic and not very strong or anything.
Using this method for your production images could be something like this:
http://example.com/some_image$(md5($image_id, "secret",$timestamp))_$image_id_$timestamp.png
$image_id here is some sort of static identifier for your image (file_name, id of the product in your db, etc).
Please anyone, correct me if my assumption that this makes it harder to predict file paths is incorrect. In the end, the first rule to creating encryption patterns is "don't do it". So is the second. But this is a fairly innocent one to play around with.

have a look on how commercial image suppliers (like iStockphoto.com) protect their images that and see if that fits your need.

Related

determine final destination/url returned by a asp(?) by script

So, I'm sure this will get down voted and I'll be banned from the site because I'm a total newb that asks elementary questions/wrong questions/vague questions that irritate the community. But...I'm not sure where else to turn, this seems to be one of the best communities.
I use a live chat service. And they have this cut/paste bit of markup that you drop into your page and it'll display a jpeg indicating whether or not the chat service is open.
https://rci.ehosts.net/netagent/client/invites/chatimage.aspx?style=style0&questid=44D115D4-5242-476F-AE56-6AEECE8E9343&portid=28586436-7974-4E4B-BBDE-73E63BC3EAED&imagelanguage=en-us&customopenimage=https%3A//rci.ehosts.net/netagent/custfiles/en_chat_open.gif&customcloseimage=https%3A//rci.ehosts.net/netagent/custfiles/en_chat_closed.gif
If you drop that into a browser, it doesn't seem like anything happens. But if you set that as the src attribute of a image tag in a html page, it displays the appropriate image (chat online/chat unavailable).
My question is...can I determine the outcome of that script without dropping it into the page? Via either javascript or php? What'd like to do is make a script of my own that will determine which image is returned and do things other than just displaying the chat online/chat unavailable images.
Thanks!
EDIT: oh, the above url will redirect to the correct image if you change all the & to just &
I ended up following the redirect to see which image it takes me to. It was the only way I could think of. Ended up basically copying example #2, except that I returned the headers location, from the following link:
php manual

Altering a page from another site

Sorry for the vague question name - didn't know how to phrase it.
I have built a PHP engine to parse web pages and extract phone numbers, addresses etc.
This is going to be used by clients to populate an address book by simply entering a new contacts web address.
The problem I am having is useability:
At the moment the script just adds each item (landline number, fax etc) to a different list box and the user picks the correct one - from a useability standpoint this is hard work (how do you know which is the correct contact number without looking at the site)
so my question (finally!)
How would achieve the functionality of
http://bartaz.github.io/sandbox.js/jquery.highlight.html
On someone else website (I have no problem writing this functionality).
FOR CLARITY**
I want to show someone elses site (their contact page for example) on my site BUT I want to highlight items I have found (so for example add a tag around a phone number my php script has found)
I am aware that to display a website not on your domain an iFrame would be used - but as I need to alter the page content this is useless.
I also contemplated writing a bookmarklet that could be run on that page - but that means re-writing my parsing engine in javascript and exposing some of my tricks to make it accurate.
So I am left with pulling the page by cURL and then trying to match up javascript files, css files etc. that have relative URLs
Does anyone know how best to achieve this - and any pitfalls that might befall me.
I have tried using simple html dom parser - but it is tricky to get consistency and I also dont know how having two sets of tags, body tags etc. would affect sites.
If anyone has managed this before and could point me to the tools / general methods they used I would be eternally grateful!
PLEASE NOTE - I am very proficient with google and stack-overflow and have looked there first!
The ideal HTML solution
The easiest way to work around the relative paths for an arbitrary site would be to use the base href tag to specify the default relative location (just use the url up to the filename, such as <base href="http://www.example.com/path/to/" /> for the URL http://www.example.com/path/to/page. This should go at the top of the head block.
Then you can alter the site simply by finding the relative parts and wrapping them in your own tag, such as a span. For the formatting of these tags, the easiest way would be to add a style attribute, but you could also try to insert a <style> tag in the <head>.
Of course, you'll also need to account for badly made webpages without <html>, <head> or <body> tags. You could either wrap the source in a new set of these tags, or just put in your base and style tags, hoping that the browser will work out what to do.
You probably also want to make this interactive, so you should also wrap them with some kind of link, and ideally you'll insert some javascript to handle their actions by ajax. You should also insert your own header at the top of the page, probably floating at the top, so that they know they're using your tool. Just keep in mind that some advanced pages might then conflict with your alterations (though for those cases you could have a link saying 'is this page not displaying correctly?' to take the user to your original basic listbox page as a backup).
The more robust solution
Clearly there are a lot of potential problems with the above, even though it is ideal. If you want to ensure robustness and avoid any problems with custom javascript and css on the page you're trying to alter, you could instead use a similar algorithm to that used in text based browsers such as lynx to reformat the page consistently. Then you can apply your algorithm to highlight the relevant parts of the page, and you can apply your own formatting as well without risk of it not displaying correctly. This way you can frame it really well and maintain your interface.
The problem with this is that you lose the actual look of the original page, but you should keep the context around the numbers and addresses which is the important thing. You would also then be able to use some dynamic javascript to take the user to each number and address consecutively to improve the user experience. Basically, this is rigorous and gives you complete control over the user experience, but you lose the original look of the website which may or may not confuse your users.
Personally, I'd go for the second option, but I'm not sure if anyone's created such a parser before. If not, the simplest thing you could do would be to strip the tags to get it as plain text. The next simplest would be to convert it into some simple text markup format like markdown, then convert it back into html. That way, you'd keep some basic layout such as headings, italicised and bold text, etc.
You definitely don't want to have nested body tags. It might work, but it'll probably mess up your formatting and be inconsistent across browsers.
Here's a resource I found after a quick Google search:
https://github.com/nickcernis/html-to-markdown
There are other html to markdown scripts, but this was the more robust from the few I found. I'm still not sure though whether it can handle badly formatted pages or ones with advanced formatting, try it out yourself.
There are quite a few markdown to html converters though, in fact you could probably make a custom converter yourself quite easily to accommodate your personal needs.

JavaScript, Check if website is rendered and displayed on the screen

I was wondering if there are any methods to check if a website is successfully displayed or rendered on the a user's system.
The application of this is to to deliver a content if and only if it is a real user rather than a crawler/spider fetching the content.
so the check would be:
-check if the content is rendered/displayed,
-execute the next script
-otherwise
-do something else
any help is highly appreciated.
Cheers
Most crawlers simply do not execute any JavaScript, but you cannot really rely on that since it's easy to imagine a sophisticated company creating a search engine that actually does mimic a JS-enabled browser. Many crawlers have an easily identifiable user-agent string, but you cannot rely on that either.
You could do something, I suppose, like attempt to poll for the mouse x,y position a couple of times, looking for values other than 0,0, which is likely to indicate a person with an actual computer and pointing device is at the other end. That still may not get what you want for touch screen devices though. You might also consider waiting until you detect a scrolling event if your secondary scripts don't need to load right away.

Maintain height of the website

I have a client who wants to do a website with specific height for the content part.
The Question:
Is there any way that when the text is long / reach the maximum height of the content part, then a new page is created for the next text.
Within my knowledge, somehow I know this can't be done.
Thanks for helping guys!
You will probably want to look into something like jQuery paging with tabs
http://code.google.com/p/jquery-ui-tabs-paging/
Unfortunately you would need to figure out the maximum number of characters you want to allow in the content pane and anything after that would need to be put into another tab. You can hide the tab and use just a link instead.
Without more knowledge on what you're development is, this is a difficult question to answer. Are you looking to create a different page entirely, or just different sections on a page?
The former can be done using server-side code (e.g. Rails), and dynamically serving out pages (e.g. Google results are split across many page).
The latter can be done with Javascript and/or CSS. A simple example is:
<div id="the_content" style="overflow:hidden;width:200px;height:100px">
Some really long text...
</div>
This would create a "scroll" bar and just not disrupt the flow of the page. In Javascript (e.g. JQuery), you'll be able to split the content into "tabs".
Does this help?
(Almost) everything is possible, but your intuitions are right in that this can't be done easily or in a way that makes any sense.
If I were in your position, I would go up to the client and present advantages and disadvantages to breaking it up. Advantages include the fact that you'd be able to avoid long pages and that with some solutions to this problem, the page will load faster. Disadvantages include the increased effort (i.e., billable hours) it would take to accomplish this, the lack of precedent for it resulting in users being confused, and losses to SEO (you're splitting keywords amongst n pages).
This way, you're not shooting down the client's idea, and in the likely case the client retreats from his position, he will go away thinking that he's just made a smart choice by himself and everyone goes away happy.
If you're intent on splitting it up into pages, you can do it on the backend by either literally structuring your content into pages or applying some rule (e.g., cut a page off at the first whole paragraph after 1000 characters) to paginate the results. On the frontend, you could use hashtags to allow Javascript to paginate the results. You could even write an extensible library that "paginates" any text node. In fact, I wouldn't be surprised if one didn't exist already.

hide html page source

Is there is any way to hide asp.net page view source?
If you mean, can you hide your ASP.NET code: it's not visible in View Source.
If you mean can you hide your HTML: you can discourage casual peeking by creating your HTML on the fly via Javascript or AJAX, but a developer will always be able to see what you are doing, using simple tools like Firebug and Fiddler.
Edited to add:
I wasn't thinking of obfuscation (though that also discourages casual peeking), I was thinking of using javascript to pull down HTML. Doing a View Source will only show a bunch of <SCRIPT> tags.
But it appears his question has been revised to go in a different direction anyway, to can I keep people from downloading my images, and the answer to that is a simple no. Making money from small numbers of images is not a viable business model. (If you have thousands of images, that's another story.)
Edited to add:
The conventional way of making a catalog of photographs is to [a] show low-resolution previews, [b] put a watermark on each image (here's an example), or both.
Are you talking about ASP.NET or the result? Since ASP.NET is server-sided, it simply returns HTML. Basically, your ASP.NET file is processed by the server and variables and functions are converted into HTML. Your users can view the HTML but not the ASP.NET as it resides on server.
No, there is no way to hide the html source of a page. It's just not possible. There are tools that will promise the ability to do this, but don't believe them. Consider that it might not even be a traditional web browser that downloads the html.
What you can do is obfuscate it a bit, but even that is trivial to reverse.
No, you can't hide HTML, and there's no point either. There's nothing of value in the HTML. It would take maybe a couple hours for a skilled developer to replicate the look and feel of a website without even glancing at the HTML. In fact, it would probably be easier for him to do it his way.
The ASP/code-behind, however, already isn't visible. It's processed on the server and outputs HTML. Only the HTML (and CSS etc.) makes it to the client.
Reading the comments, it appears you want to prevent users from downloading your images. You can't really do that either. You can make it a lot more difficult for users to download them by embedding the images in Flash, or a Java applet, or something like that, but a determined thief could still decompile it and nab your image. Easier yet, he could just take a screenshot and save it out.
The best you can do is restrict access to the image to only certain users by making the image source point to a script instead that runs some validation before outputting the image.
This is not true you can hide source code. One way would be to write a loop that puts a 100k /n in the source code at the top. So it will push it so far down with white space that you can see it :-)
Where there is a problem there is a way.
And for all those who dont like this. Amazon used to hide there code somehow until sometime back.

Categories