Forum Moderators: open
How can I use a simple JavaScript function to disable the PrintScreen button and perhaps an alternative that also disables the Mac-equivalent function (Shift+Cmd+3 or 4, I believe)?
I know that this will not prevent determined users stealing images. I know they can just turn off JavaScript, or use a dedicated screen capture program, or just deactivate the browser window and probably many other things. I know, I know. But it will help. Can anyone assist?
Thx, Prem.
I would imagine that if people could use Javascript to disable keyboard function it would pose a bit of a security risk?
If someone wants it bad enough, they can figure a way to save it.
I took it out of the site protection pack for images due to the fact that it also disables the entire "cut and paste" and "print screen" facilty of windows ( at least all the 95 and 98 II versions XP etc ) for the current session ...
Ie; ..while the computer which has accessed the page is switched on the entire right click capability associated with all cut and paste and print screen via key shortcut operations are unavailable for all file types ..even when the machine is no longer connected to the internet ....
You've got to reboot the machine to be able to right click and copy paste any file type ....
Its not a mistake in my java ..because it wasn't intended to dissable all file types just image types ...but windoze being what it is reads the "forbid" command to one file type handler in this area to be applicable to all file types...nice one Bill!
Discovered its side effects when trying to debug the very same script on server ....
and couldn't use right click later on the home machine for anything else when disconnected .....
didn't think my visitors would appreciate the "jacking" of their machines in this way so removed it ....
Print screen is now the only way you can "get at" my images via the site ......
had to accept that some will do so in order to keep the white hat on ...basically if you use it you are hacking the veiwing machine ....IMHO
If Moneysoft clean up their code so it can be made more discriminatory I'll put it back ....
HelenDev: Perhaps you could write a Javascript function to arrest anyone trying to steal pictures from your website? ;)
Thanks for this, HelenDev. Perhaps you could help me write it? And how about a JavaScript function to vaporize any users who pass flippant comments in online forums? :P
Leosghost: while the computer which has accessed the page is switched on the entire right click capability associated with all cut and paste and print screen via key shortcut operations are unavailable for all file types ..even when the machine is no longer connected to the internet
That doesn't sound like a fun solution! I can see why you took the script off your site... Thanks for the details anyway.
Leosghost: Print screen is now the only way you can "get at" my images via the site
Does that include preventing people copying from their browser's cache or from saving the page (including images) to disk?
Excuse what may seem like an overeager precautionary approach - I know that if you want to keep something secure then you shouldn't put it on the web - but I am trying my best to fulfil a client's request and I am also interested in researching all these possibilities.
Any more offerings?
-- Prem
But ...( tap on wrist here ) ..
Flippancy , humour etc is one of the reasons that I for one come here , don't knock it , when you're reading thru 100 + posts of how too do something reeeellly geeky in a PHP forum ...flippancy can save your brain from overload ....Laughing keeps you younger ...for other recipes check out foo ...
You could also put eveything in Flash and then write a no cache onto the page html .....
But some people wont stay for the downloads etc ...
Security and accessibility are always trade offs....
Oh and what I've left in place does include all the stuff you mentioned .."printscreen while the page is visble is now the only way to get my artwork " ...you cant save page , drag n drop , save image or anything else ....except print screen ...and even then only via a paper printer ....Screen capture for later manipulation via software wont work ...
Add this to the head of the page:
<link rel="stylesheet" type="text/css" href="printstyle.css" media="print">
And in the file "printstyle.css" you put:
* {display:none;}Of course, it won't work in older browsers which don't support print stylesheets, or if CSS is disabled, but apart from that, the method works well and probably covers the vast majority of your users (even if they have Javascript disabled!).
These are two that honestly I never thought of ...far too java oreintated me....
The reason that I personally went the java route to begin with was that the actual "call" path for the images could be "hidden" so they couldn't simply access the folders instead of the pages and so take the images that way ....
made my solution more complex than it needed to be ...
what do your two methods do as regards drag and drop to other windows to capture the image...
Be aware that anyone can still get your images by viewing source, uncovering the URL, and downloading the image directly.
Can you post an example link(s) to show these methods on action? Or stiky me.
Thanks.
However, "NOTHING" may be just a bit over the top. Nothing within reason, perhaps, but not nothing. Premasagar could always require the installation of a downloaded app or plug-in to view his images. Remember the "Outer Limits"? "We control the interrupts, we control the registry . . ." Okay, I'm paraphrasing, but you get the idea.
It seems that we have opened that old Pandora's Box of the many ways to prevent image capture. I had only intended to find a way to disable the PrintScreen key. I know that normal keypresses can be captured using JavaScript, so I am surprised to learn that capturing the PrintScreen key seems impossible. I'm still interested if anyone thinks they know how to do that (without violating the administrative rights of the user - I certainly don't want to do that! - and also without causing hassle to the average user - e.g. not disabling their entire keyboard or their right-click).
But seeing as we have somehow opened that box of magickal tricks, why not once and for all create a complete list of genuinely useful methods for preventing image theft. In doing so, it is recognised that whatever is done, someone can get round it. The point is to prevent the most casual of users taking something you want to protect. As they say, locks are only to keep out honest people.
I am not usually so cautious for my intellectual property rights on the web. I am quite happy if someone wishes to use my code, my thoughts and whatever else - they may want to leave a credit, though :o) . I would not protect all images on a site. But sometimes, some things may be worth securing against the average attempts.
I'd like to spend time intially in setting up a good system, then make it easy to post new images without hassle. So I don't like the idea of splitting each image up into thousands of randomly named pieces to make it harder for people to put it back together. Besides, that could be avoided by preventing cache saving and other methods.
Leosghost, for the record, could you post your methods for preventing cache saving, file saving and any other little tricks you have.
(By the way, I don't mind a little heartfelt flippancy - hence my reply to the original comment!)
I'll put the list in a new post. This one's too long already...
Prem.
This is pretty much what the piece of Java I had did...basically on the site I put it onto the following applies ...
If you don't have javascript enabled you don't get to see the "images" just the very low definition thumbnails.....
Then when the thumbs are clicked... "images" are called via a heavily crypted java routine which switches off all the functions which can be controlled by java which would allow you to copy an image ....( previously this routine also included a couple of lines which cancelled "printscreen" as it could be invoked by hitting any button on the keyboard including the "default print screen button"...it also stopped screen capture programmes...the problem was it accidentally also stops all other clipboard functions per "current windoze session"....sort of shot myself in the foot there first time of using it...)...
As I was working on the site with with a friend this prompted a ...
"What the **** happened to the site , it hijacked my windows until I rebooted the damn thing "
So we took this small bit of code out of the routine .....
( my apologies to anyone who visited while it was there )
Given the other methods suggested here it was overkill....
and by my own definition is "hacking" the machine which arrives to any site with it in place...
These fora ( love that word and gonna milk it ..heh heh ) ...are not the place for passing on how to do it ...
I suspect that anyone who plays around with javascript enough will get it without further explanation ... if you want to see how the images on the site are protected at the moment sticky me for the url and I'll get back to you later ....Busy now ...cooking and being with my son ..
There are probably much simpler ways to acheive the same thing ..but I'm dad first, companion second , artist third , cook fourth , apprentice geek comes much further down the list ...
1. Put desired image in an external stylesheet
(a) Put an div in the HTML page. (b) Put a single-pixel blank image in the div. (c) In an external CSS style sheet, make the div's background image the actual image to display. Eg:
HTML page head: link to the style sheet
<link href="/style/main.css" rel="stylesheet" type="text/css" />
HTML page body: display div with blank image
<div id="x1" class="x"><img src="/images/blank.gif" width="150" height="250"></div>
CSS sheet: display the background image
#x1
{ background: transparent url(/images/protect/pic.jpg) top left no-repeat; }
This method will mean that a right-click "Save Image", or a drag-and-drop will only yield the blank.gif image. It also means that the filename of the protected image will only be in the CSS style sheet, not the HTML page - most people won't find it. It requires no JavaScript.
---
2. Use a CSS print style to prevent images being printed with the page (could also use an external stylesheet)
This will not be activated if the user has CSS turned off (or has an ancient browser), but since the original protected images were put there by CSS in the first place, then nothing will be displayed anyway. So they still can't print them!
HTML page head:
<style media="print" type="text/css">
div.x {display:none}
</style>
---
3. Kill that damn Image Toolbar in Internet Explorer
HTML page head:
<meta http-equiv="imagetoolbar" content="no" />
---
4. Prevent search engine robots from caching images
HTML page head:
<meta name="robots" content="index, follow, noimageclick, noimageindex" />
or robots.txt file:
User-agent: *
Disallow: /images/protect/
---
5. Prevent hotlinking to images from outside your website
See this thread [webmasterworld.com] and this site [webspiffy.com].
.htaccess file: on Apache servers
When a request is made for an image from outside the website, a different image, stolen.gif is served (basically saying that this image was stolen from www.example.com)
Options FollowSymLinks
RewriteEngine On
RewriteCond %{REQUEST_URI}!images/stolen\.gif$
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER}!^http://(www\.)?example\.com/? [NC]
RewriteRule images/ http://www\.example\.com/images/stolen\.gif [R,L]
Or:
Another way to refuse access to those images.
SetEnvIf Referer "^$" local_ref=1
SetEnvIfNoCase Referer "^http://(www\.)?example\.com/" local_ref=1
<FilesMatch "\.(gif¦jpg)">
Order Allow,Deny
Allow from env=local_ref
</FilesMatch>
---
6. Prevent images saving to cache
Leosghost?
---
7. Prevent saving current web page
Leosghost?
---
8. Anything else?
It should not cause hassle to the average user - no right-click disable, keyboard disable or required obscure plugins.
It should also not be a hassle for the administrator after initially setting up the site - e.g. no splitting the image into very many pieces.
I guess you could also encrypt the HTML and/or JavaScript source, but that's an ongoing hassle for each newly created page, not a one-time solution. See this [geocities.com] if interested.
---
So...
Prem
[edited by: premasagar at 5:01 pm (utc) on April 8, 2004]
surprised to learn that capturing the PrintScreen key seems impossible
And what if the window doesn't have focus? Then I can still use PrintScreen to capture the whole screen. And, even if you find something that seems to block it... What if I turn JavaScript off? And what if I view your source code to find the image URL, and then open it directly in my browser? Or, what if I save your page instead of opening it, and then modify the code to be able to take screen captures?
Like I said... There is nothing you can do to prevent this. We've had this same discussion over and over again, but to no avail. The conclusion is the same, no matter which functionality you're trying to block -- it is impossible.
