ASP.Net vs other technologies

[Sam Carleton]

By day I am a Microsoft Windows Application Developer currently using
..Net 2.0. Mind you, I did say Window Application vs Web Applications.
I run Solaris and OpenBSD at home and know Linux. I have dabbled in
web programming for personal use over the years. I have used things
like ASP.Net, PHP, CGI, etc, along with the classics HTML, JS.

By night I am an photographer. I would like to develop a web site to
sell event photos online. There are three requirements:

1: As secure at possible, I want to make it as hard as possible for
folks to steal the images
2: Cross platform, it must be equally secure on both Windows and Mac!
3: Easy to add images, fore events will be added daily

I don't think the third one is any big deal, simply a matter of a good
implementation. I am concerned about the first two. I am fully aware
that if the image is on the Internet, it CAN be stolen. I am also
aware of the fact that it is possible to make is a LOT harder for folks
to steal. On the scale of 1 to 10 (1 being easy and 10 be impossible
to steal) I am looking for around a 6 to 8, maybe even 5. Currently I
host some of my images at this site: http://photos.miltonstreet.com I
*THINK* they are using ColdFusion, not sure. They have the type of
security I am looking for, though.

Being a Windows Application Developer that already knows C#.Net, the
idea of using ASP.Net is very appealing, but... I am concerned about
the whole cross platform/security issue. I am thinking that using
ASP.Net's Web.Forms will allow me to develop a pretty secure site on
IE, but what about the cross platform issues? How hard will it be to
secure it for Firefox and for the Mac?

Considering the scope of this project, sell images online, would I
simply be better off looking at another technology like ColdFusion or
one of the other solutions out there?

Sam

 

[Guest]

ASP.NET has no inherent cross platform issues as it is browser based. Some of
the controls output not so pretty or compliant markup but its no worse (in
fact possibly better) then the rest of the web.
The site you mention has no real security for your images, they are just
embeded in flash animations so you cant just right click and save them to you
hard drive. You can still screen dump the browser and save the image that
way. There is no way to stop people taking image data you give them. You have
to not give it, like write SAMPLE across it in big red letters. It will give
people an idea of the shot but they cant use it.
If you do like the flash route than that is flash, so you can use that in
..NET. but I dont know what kind of api it has to make movies including images
via code.

I would go with ASP.NET

 

[Mark Rae]

<cross-posting removed>

1: As secure at possible, I want to make it as hard as possible for
folks to steal the images

Totally impossible if the images are to be displayed on the client browsers.
If it's on the browser screen, it's almost certainly also in Temporary
Internet Files etc. You'll find loads of web pages telling you how to
disable right-mouse clicks, how to hide View Source etc... All are rubbish,
an can be circumvented with little effort.

The best you can do is to create thumbnails of the images with text
superimposed e.g. "SPECIMEN" so that even if the image is harvested, it's of
little worth.

2: Cross platform, it must be equally secure on both Windows and Mac!

Platform and browser are irrelevant to server-side security, especially in
this case.

3: Easy to add images, fore events will be added daily
I don't think the third one is any big deal, simply a matter of a good
implementation.

Correct, but don't be fooled into thinking that the technology you use to
create your website will make the images any easier or harder to steal. The
client browser hasn't the slightest interest in whether the webserver from
which it's receiving its HTML stream is running ASP.NET or Java or
ColdFusion or PHP or whatever...

*THINK* they are using ColdFusion, not sure. They have the type of
security I am looking for, though.

So use that if you're happy with it.

Being a Windows Application Developer that already knows C#.Net, the
idea of using ASP.Net is very appealing, but... I am concerned about
the whole cross platform/security issue. I am thinking that using
ASP.Net's Web.Forms will allow me to develop a pretty secure site on
IE, but what about the cross platform issues? How hard will it be to
secure it for Firefox and for the Mac?

How would the platform and/or browser make any difference...? HTML is HTML
is HTML...

Considering the scope of this project, sell images online, would I
simply be better off looking at another technology like ColdFusion or
one of the other solutions out there?

I don't think that would make the slightest difference...

 

[Norman Yuan]

Since you are talking host yor app online (the Internet), if you want to go
with ASP.NET, it has little to do with corss platform, you can only host
your app with IIS (unless you can find a Linux host running Mono). The
security you are talking has very little to do with different client
browsers, which you have no control at all with your server side web app and
it is not cross platform issue.

Since you want to sell your image, you must show them to potential buyers
before they decide to buy. Once your image is shown on a browser, user can
save it (you cannot prevent it). So, the only way to "secure" your image,
IMO, is to only show low quality preview, or size-shrinked image. However,
if the preview's quality is too poor, you may not get users' attention at
all. So, it is your decision to let user preview a fairly good quarlity
image: good enough for they to shell out money to buy it, but not good
enough to save it without paying you.

I'd think most current web technologies are capable of doing this, and
ASP.NET certainly is. No matter what web app you choose, the security you
are talking has little to do with the browsers on client side, be it IE,
Firefox, or something else.

 

[Sam Carleton]

How would the platform and/or browser make any difference...? HTML is HTML
is HTML...

I was under the impression that using ASP.Net and Web.Forms was more
then just server side. I thought they both tied into IE7 in special
non standard HTML ways to give a richer user interface. I assumed that
it might be possible to obfuscate things thanks to this richer user
interface to make is that much harder for folks to get at the images.

From all the replies, it sounds like I am mistaken.

Oh, I do know there is a sure fire way to secure the images: I could
write a custom ActiveX control to display the images which communicates
with the server over a secure channel. It would prevent the images
from ever existing on the HD and if I wrote the control correctly, I
could prevent most if not all screen capture techniques. This is over
kill, though and I don't what to return to the C++/COM world to write
an ActiveX control and I don't want to have to pay the large sum of
money to get it signed. If this web site is really successful and this
becomes an issue, but it is a lot of work for what I think will be
little return.

Sam

 

[Sam Carleton]

First off, please realize that I understand, if the image is on the web
and is accessed by simple old HTTP/HTTPS, it gets saved to the hard
drive and can be stolen. I know this, but I also know that even though
it is on the hard drive, does not mean it is *EASY* to get to and/or
find. For those of us in the know, yea it is not all that hard, but to
the average person it isn't. I am targeting average people, not geeks.

The site you mention has no real security for your images, they are just
embedded in flash animations so you cant just right click and save them to you
hard drive. You can still screen dump the browser and save the image that
way.

Site in question: http://photos.miltonstreet.com

Hum, how do you right click and save the image? When I tried that in
IE and Firefox, I get their custom menu. When I turn off JavaScript, I
don't get any images, period. How would an average or even basic
hacker get at these images without doing a screen capture of some sort?
I am just trying to figure out how hard is it REALLY to get at the
images on this site.

Sam

 

[Mark Rae]

I was under the impression that using ASP.Net and Web.Forms was more
then just server side. I thought they both tied into IE7 in special
non standard HTML ways to give a richer user interface. I assumed that
it might be possible to obfuscate things thanks to this richer user
interface to make is that much harder for folks to get at the images.
From all the replies, it sounds like I am mistaken.

You absolutely are.

I could write a custom ActiveX control

Which would completely invalidate one of your three top-level requirements,
namely that your site should be cross-browser compatible!

 

[Mark Rae]

Hum, how do you right click and save the image?

Er, you're joking, right...?

I am just trying to figure out how hard is it REALLY to get at the
images on this site.

Oh come on!

http://photos.miltonstreet.com/img/p505102018-4.jpg?ts=0

Right-click, Save Picture As...

Cute, though...

 

[Sam Carleton]

Er, you're joking, right...?

Ah, no, not joking...

Oh come on!

http://photos.miltonstreet.com/img/p505102018-4.jpg?ts=0

From the link YOU provided, yea, brain dead simple to save the image.

But HOW did you get the link? I searched this
<http://photos.miltonstreet.com/p98234131/?photo=505102018> link's
source for p505102018 and could not find any reference to that link.
Again, my objective is to prevent the average person from stealing the
images. Please do enlighten me.

Cute, though...

Thanks, senior portraits are a lot of fun to do!

 

[Sam Carleton]

You absolutely are.

Live and learn

Which would completely invalidate one of your three top-level requirements,
namely that your site should be cross-browser compatible!

Too true, too true. I could always punt and write a java thingy-ma-bob
that is along the lines of ActiveX. But point well taken.