Completely prevent browser caching

Posted on 2025-01-08 12:57:40 · 238 words · 0 views · 0 comments

I want to prevent certain files from ever being cached by a browser (for copyright reasons). I know you can change the headers using PHP:

header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past

Is this as good as it gets? Can anyone think of additional layers of security?


Comments (1)

请持续率性 2025-01-15 12:57:41

Adding a timestamp in the resource's URL:

http://example.com/img.jpg?t=12234234 //append this in the server side

This fools the browser and server to think that it's a new resource every time. Just make sure the value is different every time. This applies to any resource (anyone correct me if I'm wrong) like plain HTML, images etc.

Random Querystring to avoid IE caching

However, the resource is still stored in the cache regardless if it has expired. All the browser does when a resource expires is to wait until the user checks the site again, re-downloads the resource and overwrites the existing one in the cache. Until the user does that, it does not delete the ones from the cache.


Another way to prevent caching is to use SSL in your connection. By default, browsers do not cache SSL'ed sites - one of the main reasons, aside from additional overhead for decryption, why SSL all over the place is avoided. However, still, some browsers allow SSL caching (as far as I know, Firefox does) AND it still does not change the fact that the resource is sent to the user's browser - which can be intercepted or viewed on a debugger.


All of the methods above can prevent cache but will NOT prevent anyone from stealing your images. The whole idea of the internet is to access resources from another computer. With that said, the user HAS ACCESS to those resources. Anything that arrives at the browser is subject to the user's will. He may look at it, look at the source, intercept it on arrival, view it using a debugger, whatever.

Anything you put in a web page on the internet is like handing over a million dollars in the open - you can't prevent thieves from watching, you may not know if the person you are dealing with is also a thief.


The only fool-proof way to avoid your images from being owned by someone else is to place a big watermark on them!
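
The answer's remark that an expired resource is still kept in the cache can be checked against the headers from the question. The following is an added example, not code from the original question or answer: it parses Cache-Control and reports whether a cache is permitted to store the response, comparing the question's headers with a no-store variant. The function names parse_cache_control and cache_policy and the $hardened header set are assumptions made for illustration.

```php
<?php
// Added example (not from the original post): does a header set let a cache
// store the response? Header sets below are constructed for illustration.

/** Parse a Cache-Control value into [directive => argument|true].
 *  Simplification: quoted arguments that contain commas are not handled. */
function parse_cache_control(string $value): array
{
    $directives = [];
    foreach (explode(',', $value) as $part) {
        $part = trim($part);
        if ($part === '') {
            continue;
        }
        [$name, $arg] = array_pad(explode('=', $part, 2), 2, true);
        $directives[strtolower(trim($name))] = is_string($arg) ? trim($arg, ' "') : true;
    }
    return $directives;
}

/** Summarise what a cache is allowed to do with a response. */
function cache_policy(array $headers): string
{
    $cc = parse_cache_control($headers['Cache-Control'] ?? '');
    if (isset($cc['no-store'])) {
        return 'must not be stored';
    }
    if (isset($cc['no-cache'])) {
        return 'may be stored, revalidated before each reuse';
    }
    return 'may be stored and reused while fresh';
}

$fromQuestion = [
    'Cache-Control' => 'no-cache, must-revalidate',
    'Expires'       => 'Sat, 26 Jul 1997 05:00:00 GMT',
];
$hardened = ['Cache-Control' => 'no-store'] + $fromQuestion; // assumption: illustrative variant

if (PHP_SAPI === 'cli') {
    // Command line: print the audit of both header sets.
    foreach (['question' => $fromQuestion, 'no-store' => $hardened] as $label => $set) {
        printf("%-9s %s\n", $label, cache_policy($set));
    }
} else {
    // Web request: send the no-store variant before any output.
    foreach ($hardened as $name => $value) {
        header("$name: $value");
    }
}
```

no-store only instructs caches; as the answer says, the bytes still reach the user's browser and can be saved from there.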
