0

A lot of times I see that resource XXXXX.gif or XXXXX.js can't be saved when I try to save a webpage in Firefox.

So this made me think, can I implement a similar thing for my website as well?

Basically, I am interested in knowing what prevents a resource from being saved locally, but while still allowing the browser to load it?

Scott Pack
  • 15,217
  • 5
  • 62
  • 91
Novice User
  • 2,088
  • 7
  • 26
  • 38
  • 4
    I have this neat Firefox extension that does an quick end run around anything like this allowing direct viewing and pulling of the image from cache. Firebug displays the scripting in plain text. Chrome F12 developer tools provides instant access to the Javascript. The methods you cite only work for casual viewers. Site scrapers and content thieves already have your content if they think it's worth stealing. – Fiasco Labs May 05 '12 at 16:50
  • 1
    http://blog.slaks.net/2010/12/on-copy-prevention-in-html-part-1.html – SLaks May 06 '12 at 14:48

3 Answers3

18

If it has been loaded into the browser, it has been downloaded to your computer's memory. The webpage might attempt to stop you from saving an image (by e.g. disabling right click?) or similar, but if you go into the source of the webpage, you should always be able to find the location of the image or the .js file; if you can load it into the browser, I'm pretty sure you can't block it from being accessed as such and therefore saved. If nothing else, you could scour your computer's temporary files to find the file you're looking for.

I know this isn't really an answer to your question ('How can I stop people doing this'), but I think necessary to point out.

Think about this: if you can't download it, how can the browser display or execute it?

Savara
  • 490
  • 4
  • 15
8

Basically, I am interested in knowing what prevents a resource from being saved locally, but while still allowing the browser to load it?

One way they might be doing this is to look at the http referer header. This trick is often used in hotlink protection and the theory goes something like this:

  1. Browser opens webpage.
  2. Browser fetches resources, sending referrer value of ^http://www.site.com/ (url beginning with).
  3. Server checks this and serves the resources if valid.
  4. If not, it serves a 404, or some other such error.

This is really easy to work around - install tamper data for firefox, load a page, watch the resource requests and look at their headers. Then make a direct url request, tamper it and alter the referer to match the previous request. If it works - bam, sorted.

This is a sort of effective trick for hotlink protection, but doesn't prevent you saving the resources offline.

2

It is impossible to do. There are JavaScript scripts that will prevent you from, let's say, right-clicking on the image, but this can easily be worked around by disabling JavaScript.

The Illusive Man
  • 10,587
  • 16
  • 58
  • 89
vgaldikas
  • 21
  • 2