Jump to page:
Page 1: Introduction
Page 2: Non-technical solutions
Page 3: Technical solutions
Page 4: Summary
Quick links:
things home page
about you
circle line walk
tribute to field (opens in new window)
adventures in povray - part 1
adventures in povray - part 2
supanames rant
bandwidth leeching
Taking "technique 1: Manual file renaming" a step further, you could write a program/script to automate the renaming process. You could store the current correct filenames in a database for example, and have the files copied/renamed automatically on a regular basis.
Automating any process is obviously a good thing, as you no longer have to worry about checking which files to rename, making sure you've updated all references on your own site, etc. The downside is the effort involved in developing the solution, writing the code, etc.
There's also the issue that whereas with manual renaming you can perform the changes, test the site, and be confident everything works - with automatic renaming, the site is changing on a regular basis, and should therefore be manually tested each time to be sure the process hasn't broken your site in any way.
Furthermore, you now incur a database hit for every image request on your site, and database hits tend to be performance expensive.
It is possible to restrict access to any file type on a web server, using technologies such as .htaccess and mod_rewrite on Apache, or ISAPI filters / custom HttpHandlers on IIS.
Very basically speaking, the way these techniques work is to study the GET request of the client, and decide if it's a valid request or not. Typically this is done by querying the Referrer variable - if the referrer is a page on your own website, process the request, if not - either ignore the request, or serve up a cheeky image (as described in "technique 1: Manual file renaming").
These techniques require access to the website's hosting environment which may not be available to many website owners with cheap shared hosting packages. And even though there are plenty of code samples and tutorials on the web, there's no denying that this is a fairly technical solution, and will be beyond many hobbyists.
It's also notoriously difficult getting the balance right with these techniques - for example, many requests will have empty referrer strings, for example if the user is visiting your page using an RSS reader. And referrer strings are easy to spoof, so half the time you may end up blocking legitimate requests.
Still, it's a one-time solution, and means you don't have to mess around with your image filenames, or modify the images themselves.
A slightly less technical solution than "technique 7: Locking down the server using htaccess, etc." - as soon as someone hits the site serve them a cookie, and only supply images to visitors with a cookie.
Cookies are quite a fragile way of managing site access; cookies might be disabled in the browser, and can be faked by a tenacious leech. I don't like this method much, but thought I should mention it for completeness.
Previous page: Non-technical solutions... Next page: Summary...
