# Solved: How to encrypt Images



## techy689 (Jan 9, 2007)

I just recently bought a SSL Certificate from GoDaddy, and now I can access my site via https:// and it shows secure (with a padlock in IE)....however, if I access my website via https, none of my images show.

Also, I have a PayPal cart set up, and whenever I click on the cart I am redirected to PayPal and a Pop Up comes saying that "there are both secure and nonsecure items on this page... ..". If you opt to not show the nonsecure items, my image header does not show.

I guess my question is, how exactly do I make my images secure or encrypt them?


----------



## techy689 (Jan 9, 2007)

Also, how do you remove only the "copy" and "view image" when you right click an image.


----------



## namenotfound (Apr 30, 2005)

s4baz said:


> Also, how do you remove only the "copy" and "view image" when you right click an image.


Might be possible to get done with JavaScript. However, the end result is you really can't force a users browser to disable "copy" and "view image" because they could just turn off JS (or have it set to not mess with the menus).


----------



## Fyzbo (Feb 6, 2002)

In response to the first post. Any time you reference other media on a secure page such as images, scripts, or style sheets make sure they do not start with http:// use https:// or I would recommend just //


----------



## techy689 (Jan 9, 2007)

Fyzbo said:


> In response to the first post. Any time you reference other media on a secure page such as images, scripts, or style sheets make sure they do not start with http:// use https:// or I would recommend just //


So, when i reference my image directory, instead of /images i would use //images?


----------



## techy689 (Jan 9, 2007)

namenotfound said:


> Might be possible to get done with JavaScript. However, the end result is you really can't force a users browser to disable "copy" and "view image" because they could just turn off JS (or have it set to not mess with the menus).


I was actually looking for a javascript and I understand they could just disable it, however, the average user would not know how to do this.

I am not trying to secure my images, just keep it so that the average user cannot copy images from my website.

After all, if it is someone experienced really wants an image, there is no way to stop them unless a watermark with a name is physically imprinted into the image.


----------



## Fyzbo (Feb 6, 2002)

if you are using relative links there should not be a problem. It's only when you have a link like







that it will need to be changed.

Can you post the page so we can see what is going on first hand?


----------



## Fyzbo (Feb 6, 2002)

s4baz said:


> I was actually looking for a javascript and I understand they could just disable it, however, the average user would not know how to do this.
> 
> I am not trying to secure my images, just keep it so that the average user cannot copy images from my website.
> 
> After all, if it is someone experienced really wants an image, there is no way to stop them unless a watermark with a name is physically imprinted into the image.


http://javascript.about.com/library/blnoright.htm


about.com said:


> Web novices often believe that by blocking their visitors use of the right mouse button that they can prevent the theft of their web page content. Nothing could be further from the truth as there are so many ways to bypass the "no right click script" that the only effects that such a script has is to annoy those of your visitors who legitimately use the context menu (as that menu is properly called) in their web navigation.
> 
> Additionally, all of the scripts that I have seen to do this only block access to the context menu from the right muse button. They don't consider the fact that the menu is also accessible from the keyboard. All anyone needs to do to access the menu using a 104 key keyboard is to select the object on the screen that they want to access the context menu for (for example by left clicking on it) and then press the context menu key on their keyboard (it's the one immediately to the left of the right CTRL key) or on a 101 key keyboard hold down the shift key and press F10 to achieve the same effect.
> 
> ...


----------



## techy689 (Jan 9, 2007)

I didn't post the link in the forum because I didn't want for someone to search for the site using Google and then it come up as thread for TechGuy.. so I sent it as a PM.

Also, all the images have relative links


----------



## Fyzbo (Feb 6, 2002)

I'm not sure what's going on, but to add to the discussion. The img tags look good, and the images server under https (i.e. https://www.example.com/logo.gif) if you type the address directly into the browser. They are just not being retrieved for the https html page.


----------



## namenotfound (Apr 30, 2005)

You could try hard coding the images, using https://, since the relative images don't seem to work...


----------



## techy689 (Jan 9, 2007)

well, there is honestly only one image I wish to "encrypt"... i can access it at https://example.com/images/picture.gif... and it shows up fine in any browser.

However, (this is the logo for my picture when using the PayPal shopping cart) when i access this page, IE says this page has some secure/not secure items, and that the picture is not secure, even though the link for logo i gave to paypal is https://example.com/images/picture.


----------



## techy689 (Jan 9, 2007)

Could it have anything to do with my .htaccess:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?example.com/.*$ [NC]
RewriteRule .(gif|jpg)$ - [F]
RewriteCond %{HTTP_USER_AGENT} Wget [OR] 
RewriteCond %{HTTP_USER_AGENT} CherryPickerSE [OR] 
RewriteCond %{HTTP_USER_AGENT} CherryPickerElite [OR] 
RewriteCond %{HTTP_USER_AGENT} EmailCollector [OR] 
RewriteCond %{HTTP_USER_AGENT} EmailSiphon [OR] 
RewriteCond %{HTTP_USER_AGENT} EmailWolf [OR] 
RewriteCond %{HTTP_USER_AGENT} ExtractorPro 
RewriteRule ^.*$ X.html [L]
RewriteCond %{HTTP_HOST} ^example.com
RewriteRule (.*) http://www.example.com/$1 [R=301,L]


----------



## techy689 (Jan 9, 2007)

If you have seen my site, you know there aren't any items for sale on it.

I want to have everything finalized before I put up any items.

Thanks.


----------



## Fyzbo (Feb 6, 2002)

II don't get the IE secure/not secure message. I also don't get that message in firefox. The image is clearly https and it does not load. I would guess it has something to do with server settings since the image can load on a direct request, but not when referenced from a page.


----------



## Fyzbo (Feb 6, 2002)

s4baz said:


> Could it have anything to do with my .htaccess:
> 
> RewriteEngine on
> RewriteCond %{HTTP_REFERER} !^$
> ...


Yup definitely. You are saying not to serve files of type gif|jpg if the referer is not http://www.example.com or http://example.com. I'm not good at this htaccess stuff, but try to changehttp://(www.)?example.com http(s)?://(www.)?example.com

You will also need to allow www.paypal.com to hotlink your images.


----------



## techy689 (Jan 9, 2007)

> The white text is good, but the black text is hard to see on that background.
> 
> The image itself is viewable with both http and https (when I tried it). When https, it has the little lock icon, so it *should* be encrypt correctly. It's weird if IE gives a warning message about it.
> I don't have IE on this computer, so I can't check. But it should work just fine, from what I gather...


I did change the image to have white text... I did that for the main logo but forgot to do that for the paypal logo.


----------



## techy689 (Jan 9, 2007)

Thanks a lot. It was the .htaccess so I replaced what I had to this:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^https://www.example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://www.example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^https://example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^https://paypal.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://paypal.com$ [NC]
RewriteCond %{HTTP_REFERER} !^https://www.paypal.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://www.paypale.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ http://www.example.com [R,NC]


----------



## techy689 (Jan 9, 2007)

I marked the thread solved, however, if anyone does know how to remove "Copy Image" and "View Image" only from the right-click context menu using javascript, please let me know.

I have found many scripts which simply remove right click, however, I still want viewers to be able to access features such as print, open in new tab, open in new windows, etc.


----------



## Fyzbo (Feb 6, 2002)

This article has some resources: http://www.sitepoint.com/article/dont-disable-right-click

I would stress that no matter what you do, once the photo is on the net anyone who wants to download it can. It's trivial, even after you use javascript to turn off the right click. To me that javascript will do nothing but waste bandwidth and annoy your visitors. If it's of such a high value I would recommend a watermark or digital watermark.


----------

