RE: IIS Security for Images

From: Tony Welsh (lists@snowwinter.f2s.com)
Date: 09/21/01


From: "Tony Welsh" <lists@snowwinter.f2s.com>
To: <SECURITY-BASICS@securityfocus.com>
Subject: RE: IIS Security for Images
Date: Fri, 21 Sep 2001 19:19:07 +0100
Message-ID: <DCEDJFCDHPNPPAEALMAOOEPLCFAA.lists@snowwinter.f2s.com>


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

isn't the simplest way just to have an ASP page check the session
variables and then (based on HTTP_REFERER) serve either the correct
image or some other resource if this being linked from outside your
site?

the only real problem here is that the simplest approach is the
easiest to defeat e.g. a simple .redirect will allow a choice of
resources and is simple to code and setup but equally is simple to
bypass if you understand http.

an alternative may be storing the images in a non-file format such as
in a database enabling them to be streamed out on demand.

- - Tony

- -----Original Message-----
From: Joe Darwin [mailto:jdarwin@evga.com]
Sent: 21 September 2001 00:50
To: SECURITY-BASICS@securityfocus.com
Subject: IIS Security for Images

I am looking fo ra way to keep the security tight and that way people
will have no way to link to my images from auction sites.

I think it may be done using an ISAPI filter but not really sure
where
to look. I have tried searches for "hotlink" & "Remote-Linking".

Any help is greatly appreciated.

Thank you

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
Comment: http://www.snowwinter.f2s.com/

iQA/AwUBO6uEma0tBy4nR959EQL0oQCgr0qZjJHqJw82LfS6775vvPbl57oAn2ud
uYZRQ9JykVcgUoIk7ACHmtgx
=qpgo
-----END PGP SIGNATURE-----



Relevant Pages

  • RE: IIS Security for Images
    ... Subject: IIS Security for Images ... Such a function should be encapsulated in an ISAPI filter. ... I've created a PHP script for that.. ...
    (Security-Basics)
  • Re: IIS Security for Images
    ... Subject: IIS Security for Images ... I've created a PHP script for that.. ... AFAIK PHP plays with IIS. ...
    (Security-Basics)
  • IIS Security for Images
    ... Subject: IIS Security for Images ... I am looking fo ra way to keep the security tight and that way people ... I think it may be done using an ISAPI filter but not really sure where ...
    (Security-Basics)
  • Re: IIS Security for Images
    ... Subject: IIS Security for Images ... and put this in your .htaccess file. ... RewriteEngine On ...
    (Security-Basics)
  • Re: gdi question
    ... | I guess the simplest way to find out what's going on is to note down the ... hit-and-miss. ... refresh on the browser a number of times, the files that show and don't show ... will vary and not in some rational pattern...even though the images being ...
    (alt.php)