Request values on ASP requested from SRC on another page

Discussion in 'ASP General' started by David Logan, May 13, 2004.

  1. David Logan

    David Logan Guest

    Howdy

    I am displaying an image on an ASP page using an <IMG Src=Image.asp>.
    Image.asp delivers the image using BinaryWrite. This is done to keep
    the images from being harvestable. My problem is I don't want
    somebody to be able to come directly to Image.asp so I wanted
    Image.asp to be able to get the Image to display from the originating
    page.

    Only problem is that in Image.asp the Request.Form collection is
    empty. Is there some way that I can determine that the request is
    coming from one of my pages and not somebody coming directly to
    Image.asp.

    I know that I could do this with a session variable but I don't want
    to enable session state. Does anybody have any ideas?

    Thanks

    David Logan
     
    David Logan, May 13, 2004
    #1
    1. Advertising

  2. David Logan

    Patrice Guest

    You could check the HTTP_REFERER variable that should be provided by most
    browsers. It allows to see where is the calling page.

    Patrice

    "David Logan" <> a écrit dans le message de
    news:...
    > Howdy
    >
    > I am displaying an image on an ASP page using an <IMG Src=Image.asp>.
    > Image.asp delivers the image using BinaryWrite. This is done to keep
    > the images from being harvestable. My problem is I don't want
    > somebody to be able to come directly to Image.asp so I wanted
    > Image.asp to be able to get the Image to display from the originating
    > page.
    >
    > Only problem is that in Image.asp the Request.Form collection is
    > empty. Is there some way that I can determine that the request is
    > coming from one of my pages and not somebody coming directly to
    > Image.asp.
    >
    > I know that I could do this with a session variable but I don't want
    > to enable session state. Does anybody have any ideas?
    >
    > Thanks
    >
    > David Logan
     
    Patrice, May 13, 2004
    #2
    1. Advertising

  3. David Logan

    Roland Hall Guest

    "Patrice" wrote in message news:%...
    : You could check the HTTP_REFERER variable that should be provided by most
    : browsers. It allows to see where is the calling page.

    The HTTP_REFERER is not reliable and can be easily spoofed with a proxy.

    --
    Roland Hall
    /* This information is distributed in the hope that it will be useful, but
    without any warranty; without even the implied warranty of merchantability
    or fitness for a particular purpose. */
    Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
    WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
    MSDN Library - http://msdn.microsoft.com/library/default.asp
     
    Roland Hall, May 13, 2004
    #3
  4. David Logan

    Patrice Guest

    I agree this is not totally bullet proof but it should allow already to
    prevent most direct requests for a minimal amount of work.

    "Roland Hall" <nobody@nowhere> a écrit dans le message de
    news:...
    > "Patrice" wrote in message news:%...
    > : You could check the HTTP_REFERER variable that should be provided by

    most
    > : browsers. It allows to see where is the calling page.
    >
    > The HTTP_REFERER is not reliable and can be easily spoofed with a proxy.
    >
    > --
    > Roland Hall
    > /* This information is distributed in the hope that it will be useful, but
    > without any warranty; without even the implied warranty of merchantability
    > or fitness for a particular purpose. */
    > Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
    > WSH 5.6 Documentation -

    http://msdn.microsoft.com/downloads/list/webdev.asp
    > MSDN Library - http://msdn.microsoft.com/library/default.asp
    >
    >
     
    Patrice, May 14, 2004
    #4
  5. David Logan

    Steven Burn Guest

    Have you tried

    If Request.ServerVariables("SERVER_NAME") = "<your server"> Then
    '// show it.....

    etc etc......?

    --

    Regards

    Steven Burn
    Ur I.T. Mate Group
    www.it-mate.co.uk

    Keeping it FREE!


    "David Logan" <> wrote in message
    news:...
    > Howdy
    >
    > I am displaying an image on an ASP page using an <IMG Src=Image.asp>.
    > Image.asp delivers the image using BinaryWrite. This is done to keep
    > the images from being harvestable. My problem is I don't want
    > somebody to be able to come directly to Image.asp so I wanted
    > Image.asp to be able to get the Image to display from the originating
    > page.
    >
    > Only problem is that in Image.asp the Request.Form collection is
    > empty. Is there some way that I can determine that the request is
    > coming from one of my pages and not somebody coming directly to
    > Image.asp.
    >
    > I know that I could do this with a session variable but I don't want
    > to enable session state. Does anybody have any ideas?
    >
    > Thanks
    >
    > David Logan
     
    Steven Burn, May 14, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Steve Richter

    <txt src= ...> equivalent of <img src= ...>

    Steve Richter, Feb 8, 2006, in forum: ASP .Net
    Replies:
    3
    Views:
    2,107
    Laurent Bugnion
    Feb 9, 2006
  2. Greg Johnson
    Replies:
    4
    Views:
    3,088
  3. Replies:
    1
    Views:
    1,628
    Alex Hunsley
    Mar 23, 2007
  4. pheadxdll
    Replies:
    16
    Views:
    3,699
    Neredbojias
    Jun 6, 2007
  5. Ankur
    Replies:
    1
    Views:
    351
    Daniel Ulfe
    Jul 1, 2009
Loading...

Share This Page