Related Topics: ColdFusion on Ulitzer

CFDJ: Article

Protecting Your Web Site Images with ColdFusion

Protecting Your Web Site Images with ColdFusion

In a world where information is power, images need protection as much as text documents.

This article describes a way to apply an image security mechanism to protect files in an application that follows a ColdFusion security model. The examples that I give will work in a Windows environment and I'm sure they can be adapted to work in other environments with minimal changes.

The described method isn't to prevent people from downloading images from your site, for example, by right-clicking and hitting save as or file save as. The method I'm proposing will prevent people from "hotlinking" to your site and using your images without your permission.

Flawed Security Model
Most sites that use ColdFusion to authenticate users are using some type of hidden variable not readily accessible to the user, such as client or session variables that annotate if a user is logged in or not. This is perfect if all your pages are CF, since client and session variables are only visible to your CFM files. However, this brings up the issue of images.

Any time the <IMG> tag is called, the browser requests a file that isn't CF, thereby opening a hole in your security model. Images don't contain the CFM extension, and thus become readily available to anybody who knows the URL. My research indicates that there's no need to develop a complex way to protect files, <CFIMPERSONATE> and <CFCONTENT> will work just fine.

NTFS and the <IMG> Tag
At the moment, the only way for CF developers to display images on their Web pages is to use the <IMG> tag. This is fine if the images you have belong to the public domain. On a Windows-based system the de facto method of protecting files that are Web accessible is to apply NT File Security (NTFS) to the directory that stores the images. So if you were to apply NTFS to your image directory (assuming you're using your database for authentication and authorization), users would have to enter a username and password to view images the first time they make a request for one. If users fail to enter the password, or enter an incorrect one, they'd receive either a broken image link or maybe even a nasty HTTP 401 error saying "Unauthorized: Logon failed due to server configuration."

The only time you should consider using the <IMG> tag without NTFS enabled is when the images are not considered to be sensitive, or when they're available in the public domain - for example, minor graphics or images that aren't proprietary to your company.

Images with NTFS and <CFIMPERSONATE>
On the other hand, you wouldn't want to refer to an image on your company's Web site that gave a detailed synopsis of the corporate network without protecting it. If the directory does contain images that you want to display that are also sensitive , some type of mechanism to get the images is needed.

With the <CFIMPERSONATE> tag we have a valid mechanism to access images that are contained within an NTFS-protected directory. The purpose of this tag is to allow a developer to write a script that will impersonate a user located either within the Advanced Security Model or on the operating system (OS). To access the images that are located within the NTFS-protected directory, we'll need to use an account that's located on the OS.

To use the <CFIMPERSONATE> tag to access a directory that's been protected with NTFS, we need to do the following:

  1. Declare a domain in which the user account is located
  2. Provide a username and password
  3. Enter a type of OS
Entering a type of OS will tell the ColdFusion Server to attempt to access the image as the declared user located in the OS. Once this is done, all commands located between the start and end <CFIMPERSONATE> tag will be performed as the stated user (see Listing 1).

Images and <CFCONTENT>
Another method of securing images is to use the <CFCONTENT> tag, a very versatile tag with many uses beyond those I'm explaining in this article. Some people say that they've encountered problems using <CFCONTENT> with Windows NT Service Pack 6a, but the examples given here will all work fine with Service Pack 6a.

The burning question is: How can <CFCONTENT> be used to display images inside a Web page and still enable you to keep your pages formatted properly? Whenever you use <CFCONTENT> you'll have to provide the exact path where the image file is located. Since the exact location of the file is required, this enables you to store all of the images outside of any Web-accessible directories. This in turn provides added security, because your images are now inaccessible to people who are either not physically on the machine or outside of your site. For <CFCONTENT> to be accessed, it has to be inside a CFM page, and inside your CFM files. This way you're applying your security model, thereby protecting your images.

Using <CFCONTENT> to Display the Images
To keep a Web page properly formatted, <CFCONTENT> will need to be called from a separate file (see Listing 2). The trick behind keeping your page aligned properly is to call the CFM page from within the <IMG> tag. See Listing 3 for more details.

<IMG SRC="/someDir/displayImage.cfm?imageId=23" width="200" height="200">

The reason for using the <IMG> tag is that the browser will provide the appropriate image formatting based upon the attributes provided within the <IMG> tag. The <IMG> tag is in effect acting like a separate ColdFusion request for a file - and, for all practical purposes, that's just what it is. Whenever an <IMG> tag is called, CF is making a separate request for the image information and placing it inside the <IMG> tag. Since a ColdFusion page is doing the request within the <IMG> tag, your security model is being applied against the user requesting the image file.

Final Recommendations
What I've described here is an alternate method of protecting images that you wish to make accessible via the Web in an <IMG> tag. Although <CFCONTENT> and <CFIMPERSONATE> are both effective means of displaying protected images on the Web, they place an extra burden upon the ColdFusion server. Every time an image is requested with the <CFCONTENT> or <CFIMPERSONATE> tags, it requires the server to do additional processing. If you have a site with a large volume of daily hits, this type of processing can add up. I'd recommend that you use this method only for images that really need to be protected.

I'd like to thank Angelo Alverez for recommending that I submit this article to ColdFusion Developer's Journal. But most of all I'd like to thank Rowan Kelly for helping me figure out this method of protecting images.

More Stories By Steven Lewis

Steve is an Allaire Certified ColdFusion Developer employed by Booz Allen & Hamilton, as the technical lead for a collaboration tool development project. He also has a BS for San Diego State University in Information Decision Systems.

Comments (2)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.