0

Is there a way to disable a user from downloading a file from a URL?

For example I have a link:

wow.mywebsitedomain.com/templates/filename.svg

I want to disable the user from downloading the filename.svg

These svg files are not just an image, they are editable designs that I have spent countless hours on each. No, I do not care if someone does a screenprint or gets a png etc, as those are not scalable, editable, vector files.

When the user clicks on a png thumbnail my actual link opens my online design editor to allow the user to customize these files, then save to my server, then purchase printed media, and they are not allowed to download any files.

I tried putting the actual files into a password protected folder on my server, but they do not open properly, and I do not want the user to have password access to this folder.

Essentially I need the link to be accessible, just not show the actual link for someone to copy and open/save/download etc.

Hopefully there is a simple solution for a non-programmer with basic html skills?

Thanks

Mahogan
  • 63
  • 3
  • 10

3 Answers3

2

If they can view it, they can download it. End of story. If you only want them to see a PNG, make a PNG from it and put that up

Pete
  • 6,585
  • 5
  • 43
  • 69
2

Your can do things like "disabling right-click" and stuff - it may prevent some users from downloading your file, BUT basically you cannot prevent a file which is downloaded and interpreted by the browser from being downloaded to a user's hard drive. This is not only true for SVGs, but also for music, videos, etc.

Instead, you can convert your SVG file to a PNG on server-side, and show only the PNG to the user. Note that you have the possibility to create PNGs of different sizes on the fly - dependent on the request, user's screen resolution, etc. You can also implement caching of the generated PNGs if needed.

On how to create a PNG from SVG in PHP read here:
Convert SVG image to PNG with PHP

You can choose other raster image format, of course.

Community
  • 1
  • 1
Alex Shesterov
  • 26,085
  • 12
  • 82
  • 103
  • Converting to a PNG is not an option, as the SVG is the file that the user dynamically live edits the file, like doing a t-shirt design, then saves. Is there a way to MASK the url, but still let it open the file, kinda like: before: wow.mywebsitedomain.com/templates/filename.svg after: wow.mywebsitedomain.com/7yXg43d3 ??? – Mahogan Mar 19 '13 at 19:26
  • Do I understand your web-application correctly? You have a base-design (created by you), which a user may customize - i.e. modify to his/her own needs. Then he submits the modified design to the server, which processes the order. You want that base design not to be available for download. Am I right? – Alex Shesterov Mar 19 '13 at 19:31
  • i have a code to disable right click on the thumbnails, but this is not helpful. When the user clicks on the thumbnail, the link is to open the svg file in the web application and the link displays the actual folder etc of the file, and it can easily be copied and downloaded directly. So to mask that link somehow to make this not possible. Also when viewing the source code, the links is easily visible. – Mahogan Mar 19 '13 at 19:42
  • As I said in my answer, if they can view it, they can download it. If it's transferred to their web browser, they can save it. There is simply no way around this. If they have caching turned on, then every file they view gets saved on the hard drive already. – Pete Mar 19 '13 at 20:19
  • There actually is a way around it, but the way around is to use some sort of client-side technology (Silverlight, Flash, or a browser plugin or something of that sort) and encrypt the file and transfer it encrypted. That doesn't make it unhackable, but it brings it beyond the ability of most users to get the file. But this requires your web app to be written in the client technology. It can't be HTML/Javascript based. – Pete Mar 19 '13 at 20:22
  • One solution you may consider - generate the part which the user cannot customize as png on the fly, and let the user "draw over" the base design, so that your server accepts only user-drawn part and merges it with the base design. This however limits the customizability of base design... – Alex Shesterov Mar 19 '13 at 20:31
  • From what I have heard, PHP is a script that resides on the server and is not easily referenced. Would it be possible to write the html hyper links with a script that then links directly to a php file on my server, then the php file actually opens the file without revealing the file location? The web application that I am using is this: code.google.com/p/svg-edit/ – Mahogan Mar 19 '13 at 20:48
  • Hiding location is not the way to go, because a file can be saved without knowing its location, if it is opened and processed by browser. You have three ways - generate PNGs (at least partially, with base only), or use client-side technology like Java applet or Silverlight as Pete suggested... or make clear that the SVGs are copyrighted, include licence on your site and hope that your users respect intellectual property... You may start with the third option (licence+copyright notice) and launch your site, and then work on other options. – Alex Shesterov Mar 19 '13 at 22:00
  • thank you all for the suggestions. I will look into the client side options. Not sure where to start and what would be the least intrusive for a site user? – Mahogan Mar 19 '13 at 22:41
  • flash/flex is _probably_ the least intrusive, only iPhone/iPad users may have problems with it. – Alex Shesterov Mar 20 '13 at 08:46
0

My understanding is; if you can see it, you can download it,

Eric Goncalves
  • 5,253
  • 4
  • 35
  • 59