Saturday, 29 July 2017

How to prevent files from being stolen by editing html code?

I have a simple Flask app that lets you download an image protected by a login. There are simply two routes:

example.com/login
http://ift.tt/2eVVxPW

You can't access "downloadpage" before you have successfully logged in. That's working fine. The folder structure looks like the following:

--flaskapp.py
----static
------images
--------background.png
--------protectedimage.png
------stylesheet.css

The login page looks like this:

<body style="background:url('../static/images/background.png');">
    <!--Login-->
</body>

If you now go to example.com/login and change the source code in the browser, for example by clicking Inspect in Chrome, you can easily change '../static/images/background.png' to '../static/images/protectedimage.png'; the protected image will be set as the background and you can easily save it. How can you prevent users from being able to do that? Of course I want them to be able to download the protected image by clicking the download button on http://ift.tt/2eVVxPW.
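An added example, not part of the original post: the layout above exposes protectedimage.png because Flask serves everything under static/ without any login check, so one fix is to keep the file outside static/ and return it only from a login-guarded route. The `/download/<filename>` route, `DEMO_PASSWORD`, the `user` session key and the temporary directory are assumptions made for this example.

```python
import hmac
import tempfile
from functools import wraps

from flask import Flask, abort, redirect, request, send_from_directory, session, url_for

# Constructed demo data: the protected file lives OUTSIDE static/, so Flask's
# built-in /static/<path> route (which performs no login check) cannot reach it.
PROTECTED_DIR = tempfile.mkdtemp(prefix="protected_")
with open(f"{PROTECTED_DIR}/protectedimage.png", "wb") as fh:
    fh.write(b"\x89PNG\r\n\x1a\n(constructed sample bytes)")

DEMO_PASSWORD = "demo-password"                  # hypothetical credential check
app = Flask(__name__)
app.secret_key = "replace-with-a-random-secret"  # placeholder; signs the session cookie


def login_required(view):
    """Redirect anonymous visitors to /login before the view runs."""
    @wraps(view)
    def wrapper(*args, **kwargs):
        if not session.get("user"):
            return redirect(url_for("login"))
        return view(*args, **kwargs)
    return wrapper


@app.route("/login", methods=["GET", "POST"])
def login():
    if request.method == "POST":
        supplied = request.form.get("password", "").encode()
        if not hmac.compare_digest(supplied, DEMO_PASSWORD.encode()):
            abort(401)
        session["user"] = "demo"
        return redirect(url_for("download", filename="protectedimage.png"))
    return '<form method="post"><input name="password" type="password"><button>Log in</button></form>'


@app.route("/download/<path:filename>")
@login_required
def download(filename):
    # send_from_directory refuses paths that escape PROTECTED_DIR (e.g. "../x").
    return send_from_directory(PROTECTED_DIR, filename, as_attachment=True)


if __name__ == "__main__":
    app.run()
```

Editing the page's HTML in the browser no longer helps, because every request for the image now passes through the server-side session check.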



