Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Securing website

sliceoftoast

sliceoftoast

macrumors 6502
Original poster
Mar 3, 2012
489
112
In a Toaster
Hi, world.

Is it possible to secure a website to stop people from downloading any pictures/video media hosted on the website? The same would apply to prevent people from downloading a program called site sucker and pulling the entire thing offline.

Is that possible to do?
 
I

IHelpId10t5

macrumors 6502
Nov 28, 2014
486
348
NO! Sounds like you need to educate yourself about how a web server works before hosting a website. To give you a very simple explanation, once a site visitor has viewed your website in their browser, they have ALREADY DOWNLOADED the page and all of the resources that were included in displaying the page.
 
  • Like
Reactions: cyb3rdud3
sliceoftoast

sliceoftoast

macrumors 6502
Original poster
Mar 3, 2012
489
112
In a Toaster
I am not in anyway hosting this website for this customer, sorry I should have explained this at the beginning. They reached out to another company to design/host their website. I was asked by the customer as I do their IT work - If it is possible to prevent people from stealing content from it.

If it isn't, then so be it.
 
C

cyb3rdud3

macrumors 68040
Jun 22, 2014
3,328
2,076
UK
As per IHelpId10t5 I don’t quite get the ask...A browser runs locally on the visitors device, in order to view what is on their website they will have to download the content to their browser. As per that definition they already ‘stolen’ their content....Please note I put stolen in quotes as it is of course never stealing because if you didn’t want them to see it then you wouldn’t publish it in the first place...
 
D.T.

D.T.

macrumors G4
Sep 15, 2011
11,050
12,460
Vilano Beach, FL
cyb3rdud3 said:
As per IHelpId10t5 I don’t quite get the ask...A browser runs locally on the visitors device, in order to view what is on their website they will have to download the content to their browser.
Click to expand...

What I believe they're asking for, is a way to block the user from "manually" saving the content locally, i.e.:

upload_2017-12-28_11-52-37.png



So OP, there are some "tricks" to prevent this: trap mouse clicks (prevent the context menu from being exposed), using CSS/backgrounds (so it's not an image container), using an HTML5 canvas and writing the image data into it, overlaying a transparent GIF - they all have workarounds (heck the first one has a Chrome plugin that defeats it, as well as some other script-y anti C&P things).

It just depends on the sophistication of the user and if you're simply trying to discourage it or provide complete prevention (it's kind of like The Club, doesn't prevent car theft, but makes it just a touch harder). Most of the above tend to work against simple URL scrapers, you know, like running cURL.

However, just like you see above, there's always a screen cap that completely indefensible.
 
C

cyb3rdud3

macrumors 68040
Jun 22, 2014
3,328
2,076
UK
The point is, the content is already there locally whether you disable that menu or not. Security through obscurity is not security.
 
D.T.

D.T.

macrumors G4
Sep 15, 2011
11,050
12,460
Vilano Beach, FL
cyb3rdud3 said:
The point is, the content is already there locally whether you disable that menu or not. Security through obscurity is not security.
Click to expand...


As someone who - among other widely varied work in the tech sector - is involved with security related efforts (DOD/DS), I totally agree ;)

I was simply framing his question - with a little more clarity - by way of answering what I assumed he was actually asking.
 
Texas_Toast

Texas_Toast

Suspended
Feb 6, 2016
1,718
329
Texas
If you can see it on a website you can download it and steal it.

I agree it would be nice if you could put a bullet-proof wall in between your content and visitors but you can't.

That isn't how the Internet works.
 
C

cyb3rdud3

macrumors 68040
Jun 22, 2014
3,328
2,076
UK
D.T. said:
As someone who - among other widely varied work in the tech sector - is involved with security related efforts (DOD/DS), I totally agree ;)

I was simply framing his question - with a little more clarity - by way of answering what I assumed he was actually asking.
Click to expand...
Sure fair enough - I think it is always dangerous to assume anything. Also, and I'm sure you already know, but just in case the assumption was correct and the OP decides to return...The right click block is easily bypassed by switching off javascript :)
 
D.T.

D.T.

macrumors G4
Sep 15, 2011
11,050
12,460
Vilano Beach, FL
cyb3rdud3 said:
Sure fair enough - I think it is always dangerous to assume anything.
Click to expand...

Yeah, I've been a developer for 25+ years, I've seen this come up again and again, not too much of a leap-of-assumption as to what they're trying to solve (that we know is 100% unsolvable ...) Heck, I can think of several sites right off the top of my head that have implemented some kind of "protection" (note the quotes :)) along these lines, and all it takes is someone seeing that and thinking "Oh, they did it, how can I do it".


cyb3rdud3 said:
Also, and I'm sure you already know, but just in case the assumption was correct and the OP decides to return...The right click block is easily bypassed by switching off javascript :)
Click to expand...

Sure, that's why I included this catch all in my post ;)

D.T. said:
they all have workarounds
Click to expand...
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom