Chris, you're kind of breaking down an open door here.
Bill was already at the stage of congratulating himself and dreaming of his retirement
plan, following his discovery of a brilliant and innovative solution.
Better to start from the beginning of the thread..
On 02.10.2015 16:30, Christopher Schultz wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Bill,
On 10/2/15 5:04 AM, Bill Ross wrote:
Thanks Andre for the well-considered reply. To Thad - thanks, I
also asked on stackoverflow after here.
I believe I have solved the obfuscation problem independent of the
javascript issue. What I just got working is logically:
img.src = "/images/" + /servlet/getnext(params)
Where I now have a Servlet at /images that serves the file, thanks
to a generous coder at stackoverflow. I'll post the nicely designed
code here if anyone wants.
Why not just use the DefaultServlet... that's what it's job already
is. Or, do you need an image from a database or whatever?
I am adding a table to map random hashes to file names. I'll
insert there and have getnext() return the hash instead of the file
name. The new Servlet I just added will look up the hash, check the
age of the record and refuse it if older than a second, and then
serve up the mapped file from the filesystem with current date and
some flippant random file name in the headers.
You could do your security-checking, and then simply forward() to the
resource, then let the DefaultServlet actually serve the bytes. That
allows you to use range-requests, etags, if-modified-since, and all
that other good stuff.
So as far as I can see, the only thing not obfuscated is the image
itself and my ego, which is harmless here.
What do you need to obfuscate?
I can think of even more hare-brained schemes where for instance
some Ajax function of yours could open a websocket connection to
the server, and receive a stream of image objects from the server
over that single connection and "plug" them into the page as
appropriate. But any kind of thing like that would start to
deviate seriously from standard practices, and need a serious
effort of development and debugging before it could be considered
as "production-level".
This is exactly what I was fishing for, and I thought maybe it had
been solved in some javascript library.
Do you need the image to be in an Image object, or do you want to put
it into an <img> on the screen? If the latter, just change the value
of the 'src' of the <img> and the browser will re-load the image from
the server.
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJWDpT2AAoJEBzwKT+lPKRYdj0P/iTqUq5FTYeTgVjJtLXEMile
74ql5SalOtbERrTvyY72d4wHjlnWUYJCJeJOTWyDU3grJsG7OBxHpiWEQEI5c9GV
xEhhGrlI1vOIdJ3gZRCgnrPDV8pdXTS4Sg8zEuLpW5ITRLEJsnHQz6yJDkbLofYz
w9ACt/Dllv/kcJPHrIu9+J5xgLAEUPKIHuu1mM9TkTWeSYepuR8grm3A2GFO999D
+5MIkd/XpkfTK88/yGP6Q2xtXgXAtnI5Ug0e5S72gkGFRsHYV5iWb9yBRoji7W09
G1uOJPm3xiCED2bLsiFBZmhgv/YrmCoVx4EbLnsYO/92tkHT1+2zly2bmKZc/AoC
LXoWI/trEiE2MUWvYlwftyEZvBLsJQCqrHfo6MOwPNwY2YFhv+GYl7E5N+QcQZf5
eCu/vzCvsDZHz7QrVHwInDKXeD2iZ3JxMRVPFT7kIfD/aTzrlFEGqZ+hG/pYsjWh
Gv1l2vmfQkPu7/wmhoCscdcqwk9SMCYOWvK7/5ehSyZl/j/4J/zkqnkbU10HlxO+
wVjt+cVYtrCHf7UXWInF86N5ZHSu9KVsmWdoMUUOxIFbGRQbSIvCVBzFPv+WIoR/
G/hURioQXqcICmslbbhw9QwINuRWz7gpcp+Ll7Jj+3furtxYQwv6IB/qJSWSi/Ih
lvNUQAkYta9Y+ZUGYAfE
=5ruo
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
