Slashdot Mirror


Security for a Small Stock Photo Company

ExTex asks: "I am a commercial photographer, and I also run a very small stock photography company. Most of the sales that I make are to existing clients or from referrals. Currently, when I make a sale I upload a ZIP file of the image and create a unique web page for the customer to download. I pull the page shortly after the client has confirmed receipt. This is easy, when I'm in the office, but can be a challenge if I'm out in the field on a shoot. At some point I'd like to be able to have 400 of my best images already pre-zipped and loaded to my web host for quick download. I'm wondering how best to secure the images to prevent unauthorized download but also make it relatively easy for the typical un-savvy client."

5 of 43 comments

  1. .htaccess? by Anonymous Coward · Score: 2, Informative

    assuming you're using apache, .htaccess should do the trick

  2. OS commerce shopping cart by enrico_suave · Score: 3, Informative

    you can do this with OS Commerce open source online shopping cart.

    You can create protected digital download store "items" and determine how many times they are able to download a given stock photo or whether it expires after a given amount of time.

    Add credit card processing and you have a reasonably fully automated system.

    e.

  3. Re:Porn site? by gambit3 · Score: 3, Informative

    Whoa.. thanks for the quick flamebait...

    why even bother reading the post? "I am mod, hear me roar!!"

    Read the original post:
    "At some point I'd like to be able to have 400 of my best images already pre-zipped and loaded to my web host for quick download. I'm wondering how best to secure the images to prevent unauthorized download but also make it relatively easy for the typical un-savvy client."

    Isn't that just calling for an adult-website-type solution? That's exactly what adult websites do: they have their posting of their product, be it pictures or videos, and when you buy access to those, you get provided with a username and password, which usually lasts only a few days. Isn't that what the OP is asking for?

    But, for the idiots who have their scripts set to mod "Flamebait" if it reads the word "porn" (pornpornpornpornpornpornpornporn!!!!), here's some simple javascript solutions (if you want more security, I would suggest .htaccess):

    http://javascript.internet.com/passwords/gatekeeper.html
    http://www.javascript-page.com/passwords/

  4. From Original Poster Re:Porn site? by ExTex · Score: 2, Informative

    Unlike an adult site, the sale of stock photography is generally done one photograph at a time. The customer will purchase specific reproduction rights for a single shot. I don't want to offer access to more than one image at a time. Buyers choose a photo to purchase from my main portfolio site or from a printed portfolio of my work. Once they have committed to the purchase, the buyer is directed to the site that holds only images for download. They won't even be able to view or preview the shot from the stock site.

  5. Re:Reply from Original Poster re: off the shelf by ip_vjl · Score: 4, Informative

    I'll outline the shell of it here, but you'll have to do the legwork to complete it (or hire someone who can) as it is too detailed to put in a post here.

    Since PHP is pretty ubiquitous on webhosts, I'll assume PHP for the scripting.

    You could do this with or without a database. I'll outline a path for doing it WITHOUT a db.

    1) Make sure all your files have some sort of ID number for the filename (makes life easier).

    2) Store *all* your files in a non-web accessible directory
    ex. if your webroot is /username/public_html/
    store your pics in /username/photos/

    this way, they can't be downloaded directly from the browser.

    If you can't create a directory above your webroot, then make it inside your webroot, but protect it with .htaccess

    3) When a customer makes a purchase, you'll have an admin page that lets you create a 'download ticket' - when you load this page, you supply an email address and an image ID number (see #1) and it generates a 'ticket' that they can use to download the picture. (see 3a-b for details)

    3a) Since this isn't Fort Knox, security doesn't need to be super tight, just enough to prevent casual sharing.
    I would suggest a ticket be in a format like this.
    0000-12345abc-12345678

    where '0000' represents the image ID number
    12345abc is the 'expiration date' encoded into base 16 (to be shorter)
    12345678 - is every 4th digit of the MD5 (to keep it shorter) of the image number / date / and some secret string (that only is known to your web server)

    3b) The admin page sends an email to the client using the email you provided.
    "You can download your image at:
    http://www.example.com/get.php?t=0000-12345abc-12345678

    This link will be functional until xxx-xx-xxxx blah blah blah"

    4) You have a page 'get.php' that looks at the $_REQUEST['t'] value and does a comparison.

    4a) Split the ticket into its parts ('0000' , '12345abc', '12345678')
    4b) Calculate the MD5 of part 1 + part 2 + 'secret string'
    4c) Get every 4th char, does it equal part 3? If not, DO NOT DOWNLOAD THE FILE, if so, continue
    4d) Check the date, has it expired? If so, DO NOT DOWNLOAD THE FILE, if not DOWNLOAD THE FILE (see fpassthru() in PHP)

    --

    Notes:

    With a database, you can record number of attempts per ticket to make sure someone isn't trying to brute force access by doing an incremental attack on the checksum (part 3) as there are only 4,294,967,296 possible combinations (16^8).

    You could also add some sort of logging so that you can see who has attempted to download the file, etc.

    You'd also want to make sure you're properly sanitizing the input as (at some point) you'll be translating the input value to a file path, so you need to make sure there are no potential attack vectors for walking the file system (which shouldn't happen if you check your MD5 first, but it would still be possible, especially since you're only using 1/4 of the check digits).

    You want to keep the URL as short as possible for downloading so that the ticket doesn't word-wrap in their email. If it breaks, it may not be clickable any more. You'll probably also want instructions so that they can enter the ticket manually on the page, if the link in their email breaks.

    Arguably, if someone figured out your secret phrase (the one you use in MD5 generation) they could generate tickets to download any of your files, but the only way they should be able to do that is if they have access to your box - which if they have access to your box they already have access to your files.

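As an added example (not code from the post or from ip_vjl), here is the get.php ticket flow from comment 5 in PHP, keeping the `id-expiry-check` layout but replacing the "every 4th MD5 char" check the notes call brute-forceable with a full HMAC-SHA256 compared in constant time, and building the file path only from validated digits. The `/username/photos/<id>.zip` layout, the `SECRET` value and the function names are assumptions.

```php
<?php
// Added example, not code from the post: ip_vjl's ticket scheme, with a full
// HMAC-SHA256 in place of "every 4th MD5 char" (8 hex chars, only 16^8 guesses).
// Hypothetical assumptions: photos live outside the webroot as
// /username/photos/<id>.zip, and SECRET is known only to the web server.
const PHOTO_DIR = '/username/photos';
const SECRET    = 'REPLACE-WITH-A-LONG-RANDOM-SERVER-ONLY-SECRET';
// Ticket layout: 0000-<expiry as hex unix time>-<64 hex chars of HMAC>.
function make_ticket(int $imageId, int $expiresAt, string $secret): string {
    $id  = sprintf('%04d', $imageId);
    $exp = dechex($expiresAt);
    return "$id-$exp-" . hash_hmac('sha256', "$id-$exp", $secret);
}
// Returns the path to serve, or null. The regex is the only parser of user
// input, so the path is built from four validated digits, never raw input.
function verify_ticket(string $ticket, string $secret, int $now): ?string {
    if (!preg_match('/^(\d{4})-([0-9a-f]{1,8})-([0-9a-f]{64})$/', $ticket, $m)) {
        return null;                       // malformed: reject before any hashing
    }
    [, $id, $exp, $mac] = $m;
    $expected = hash_hmac('sha256', "$id-$exp", $secret);
    if (!hash_equals($expected, $mac)) {   // constant-time compare, MAC checked first
        return null;
    }
    if (hexdec($exp) < $now) {             // ticket expired (post's step 4d)
        return null;
    }
    return PHOTO_DIR . '/' . $id . '.zip';
}
// get.php: stream the file as the post suggests (fpassthru), without ever
// exposing the photo directory or using the raw ticket in a path.
function serve(string $ticket): void {
    $path = verify_ticket($ticket, SECRET, time());
    if ($path === null || !is_file($path)) {
        http_response_code(403);           // same reply for bad MAC, expired, missing
        exit('Invalid or expired ticket.');
    }
    header('Content-Type: application/zip');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . (string) filesize($path));
    $fp = fopen($path, 'rb');
    fpassthru($fp);
    fclose($fp);
}

if (PHP_SAPI === 'cli') {                  // `php get.php` prints a 7-day ticket for image 42
    echo make_ticket(42, time() + 7 * 86400, SECRET), PHP_EOL;
} else {
    serve($_GET['t'] ?? '');
}
```

Logging each rejected ticket (timestamp, remote address, the malformed or mismatched value) on the 403 path gives the attempt record the post's notes ask for without needing a database.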