Are you trying to implement some form of Capatcha to stop automated attacks against a logon screen or something similar? If so there is a nice opensource one @ http://jcaptcha.sourceforge.net/ and an alternative from Google http://www.captcha.net/ which support audio (but requires an internet connection and an account). I implemented both so that when the required credentials are available it uses the google one and degrades to the JCaptcha one which works very nice.
Otherwise it sounds like you need a security filter within tomcat and let Tomcat serve up these images. Tomcat in my opinion is just as good at serving static content as Apache or IIS is. Regards Rob > -----Original Message----- > From: Siva prakash I V [mailto:sivaprakash...@gmail.com] > Sent: 02 November 2010 15:48 > To: Tomcat Users List > Subject: Re: Protecting static resources in IIS > > Hi Rob, > > My app contains a sequence of images like for eg. A/11.gif, A/12.gif, .... > A/19.gif, B/21.gif... etc. > These images are used to identify a valid user of my app. > As these images are easily guessable, it may be easy for anyone to download > all possible images and may lead to phishing attack. > Having said that I can't place my images in Tomcat and get it served by a > servlet( a performance penalty ) and neither I can change my image names to > ones which are not easily guessable. > My tomcat app jsps should continue using the existing images. > > > > On Tue, Nov 2, 2010 at 8:22 PM, Rob Gregory > <rob.greg...@ibsolutions.com>wrote: > > > Hi Siva, > > > > The only way I know of protecting an 'actual' request for a specific > > resource is to remove the resource from the web server. I Can't see why > > you would want to stop access to something when it is actually requested > > otherwise what would be the point of deploying it (if nothing can access > > it). Sorry if I misunderstand the question. > > > > > > > -----Original Message----- > > > From: Siva prakash I V [mailto:sivaprakash...@gmail.com] > > > Sent: 02 November 2010 14:44 > > > To: Tomcat Users List > > > Subject: Re: Protecting static resources in IIS > > > > > > Firstly, Thanks for the info. > > > > > > I've done what you've said. > > > > > > Consider my directory structure as below in IIS. > > > > > > <IISROOT>/images/TestDir/A.gif > > > <IISROOT>/images/TestDir/index.html (newly introduced one) > > > > > > If I hit the following url, it shows the index.html > > > https://<hostname>/images/TestDir/ > > <https://%3chostname%3e/images/TestDir/> > > > > > > but if I hit the following url, it shows the image A.gif which needs > > to be > > > restricted its access. > > > > > > > > https://<hostname>/images/TestDir/A.gif<https://%3chostname%3e/images/Te > > stDir/ > > > A.gif> > > > > > > Please let me know if this can be resolved. > > > > > > > > > Thanks, > > > Siva Prakash > > > > > > > > > On Tue, Nov 2, 2010 at 7:49 PM, Rob Gregory > > > <rob.greg...@ibsolutions.com>wrote: > > > > > > > While this is not a forum nor is the mailing list about IIS a quick > > > > suggestion and one we implement is to place a blank (or custom) > > > > index.html file into every directory within the site. This will then > > be > > > > served up when requests for resources are received. > > > > > > > > Hope that helps > > > > Rob > > > > > > > > > -----Original Message----- > > > > > From: Siva prakash I V [mailto:sivaprakash...@gmail.com] > > > > > Sent: 02 November 2010 14:08 > > > > > To: users@tomcat.apache.org > > > > > Subject: Protecting static resources in IIS > > > > > > > > > > Hi, > > > > > > > > > > Though I know that this forum is not for IIS related questions, It > > > > will be > > > > > great if someone can help me out with the following problem. > > > > > > > > > > I need to protect the end user's access (thru a url) to the static > > > > resources > > > > > like images directory in IIS but still allowing my app jsps in > > Tomcat > > > > ROOT. > > > > > > > > > > > > > > > Thanks, > > > > > Siva Prakash > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
