Simple indirection approach for linking to images

Question

I have a web site which hosts images are shared and linked directly. I've read somewhere that this is a bad idea. How could I apply simple indirection approach while perhaps keeping existing links up for a while until they disappear off Facebook?

Edited the question as it was apparently unclear. – James P. Jun 02 '11 at 18:25 — James P., Jun 02 '11 at 18:25

Halcyon · Accepted Answer · 2011-06-03T20:25:42.400

Old answer below.

Example for making links that you can't direct link to:

$expire = 60 * 5; // 5 minutes;
$time = $_SERVER['REQUEST_TIME'] + $expire;
$image_id = $image_id;
$secretpassword = "secretpassword";

function generate_link($image_id, $time, $secretpassword) {
    $hash = md5($secretpassword . $time . $image_id);
    return "image.php?" . http_build_query(array(
        'image_id' => $image_id,
        'time' => $time,
        'hash' => $hash,
    ));
}

function is_link_valid($image_id, $time, $hash, $secretpassword) {
    if ($hash !== md5($secretpassword . $time . $image_id)) {
        return false; // hash is invalid
    }
    if ($time < $_SERVER['REQUEST_TIME']) {
        return false; // link has expired
    }
}

Use like:

generate_link($image_id, $time, $secretpassword);
is_link_valid($_GET['image_id'], $_GET['time'], $hash, $secretpassword);

You put two bits of information in the links you generate: the image id and the time when the link should expire (so you can't direct link). Additionally you add a hash so that no one can 'mess' with the variables, only you know how to generate the hash (depends on $secretpassword).

These links expire after 5 minutes, or whatever you set $expire to.

One issue is that these links don't look very pretty. I know ways to make them look prettier but that's beyond the scope of this question.

Old answer

I assume you mean that you share images that are on other domains (like Facebook).

The problem you describe is that you're 'leeching' off the other domains by using their images (and bandwidth). I don't know Facebook's policy about direct links but for lesser sites it's a real burden. Adding indirection isn't going to solve this problem.

The only way to solve it is to upload the images to an image server, either a free one or one that you control yourself. You could have your users do this, or you can do it for them. Automating it is hard if you don't control the image server, but having an image server can be very costly (bandwidth is expensive). Having users do it places the burden on them and might make your site less attractive because they need to perform an extra step.

I think these are the options you have.

These images come directly from the site that I'm working on (photographs of members for example). One issue with direct access to images is that anyone can link to them once they've been diffused. This can be avoided if there's a "middle man" somewhere. Leeching is an issue though. — James P., Jun 02 '11 at 18:25
Ah, in that case, you could just make links that are nearly impossible to guess. I'll give an example. — Halcyon, Jun 03 '11 at 20:12

Simple indirection approach for linking to images

1 Answers1