如何隐藏/保护图像路径? [英] How can i hide/secure image path?
问题描述
如何在asp.net中隐藏/保护图像路径?我不希望用户直接看到图像路径.
How can I hide/secure image path in asp.net? I don't want the user see image path directly.
我用我的问题进行了搜索,并找到了以下URL:
I have googled with my problem and found the following URL:
http://www.codeproject.com/KB/web-security/ImageObfuscation.aspx
在此页面上,建议像这样更改图像路径:
On this page it suggests changing the image path like this:
<img ID='ImageControl'
src='ShowImage.axd?Path=<% EncryptString("C:\Images\img.ext", Page) %>'
但是如果用户复制此图像src并将其粘贴到具有域名的浏览器中,它将显示图像.
But if user copy this image src and paste it into their browser with the domain name then it will show image.
推荐答案
这实际上取决于您要实现的目标.
It really depends on what you are trying to achieve.
如果您尝试阻止其他人从另一个站点链接到您的图像,那么最好的选择是扩展您在问题中提到的处理程序,以仅在 Request.Referrer 是您自己的网站.
If you're trying to stop people linking to your images from another site, then the best option would be to extend the handler you mentioned in your question to only return an image if the Request.Referrer is your own site.
这意味着如果他们随后尝试通过您的处理程序链接到该图像,他们只会看到损坏的图像/没有图像,他们将无法直接在其浏览器中请求图像,等等.
This means that if they did then try and link to the image via your handler, they'd only see a broken image/no image, they wouldn't be able to request the image directly in their browsers, etc.
您还应该在加密路径中包含某种时间戳记,并拒绝来自不久前的请求-这将再次限制链接的有效性:
You should also probably include some sort of time stamp in the encrypted path, and reject requests that come from too long ago - this will again limit the validity of the links:
<img ID='ImageControl'
src='ShowImage.axd?Path=<% EncryptString("C:\Images\img.ext|" + DateTime.Now.ToString(), Page) %>'
然后在您的处理程序中
Dim pathAndTimeEnc As String = ctx.Request.Params("Path")
Dim pathAndTime As String
Dim path As String
Dim timeStamp As DateTime
pathAndTime = Common.DecryptString(pathAndTimeEnc, ctx)
Dim parts = pathAndTime.Split("|"C)
path = parts(0)
timeStamp = DateTime.Parse(parts(1))
Dim fiveMin As TimeSpan = New TimeStamp(0, 5, 0)
If DateTime.Now.Subtract(timeStamp) < fiveMin Then
' Return image.
End If
如果您要尝试阻止其他人下载图片,那么您并没有比最基本的互联网用户停止更多的选择了-毕竟要在您的网站上显示图片,需要将其副本发送到客户端浏览器.
If you're trying to stop people downloading your images then you're not really going to stop more than the most basic internet user - after all to display the image on your site, you'll need to send a copy of it to the client browser.
但是,有两个可能使它变得更难的选项:
However, a couple of possible options to make it harder:
- 确保图像立即过期,这意味着浏览器不应将其保留在本地那么长时间-但这确实意味着将不会缓存任何图像,并且最终将给重复观看者带来更高的带宽使用率;如果使用处理程序,则可以在代码中执行以下操作:
Response.Cache.SetCacheability(HttpCacheability.NoCache);Response.Cache.SetExpires(DateTime.Now); - 使用CSS将透明的1x1px图像放置在您网站上图像的顶部-这样,如果用户右键单击该图像进行保存,他们将获得透明图像的路径,而不是他们所获得的路径.期待(Flickr确实/曾经这样做)
最终,如果您将一些内容放在网上,那么很难阻止最专注的小偷"获取和使用它.
At the end of the day, if you put some content online, then it's very hard to stop the most dedicated "thief" from taking it and using it.
这篇关于如何隐藏/保护图像路径?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
