In our application,we have a web service which wll return images to the client according to the parameter.
Now,we want to make sure that the image can not be used by no-permissioned user and can not be intercepted through the network.
So we want to encrypt the image in the server side,when the client get the image,it should be decrypted accordingly. However our application is browser based. It seems that in the browser we can not use javascript to decrpte the image stream.
Assume that each client which call the service is absolute safe.
We try to use a hidden flash in the page,which may decrpte the image and save them to local,then show them in the page, this will use the communications between the js and flash.
But we have to decrype the image use the flash language other than c# or java.
So I want to know if there is any solution to meet my requirement?
ALso if there is another better manner?
UPDATE:
Our service for servering images:
http://xxx/getImage?row=1&col=3
This url is public,so any one can use this service with different paramter.
Even we add a key paramete like this:
http://xxx/getImage?row=1&col=3&key=SDSGSDSKDFEKYESLWQODLSFKDS
THen we meet two problem:
1)how about other people know this key,even we bind the key with the ip or mac addresss.
2)How about the user grap the http package directly? Then he do not need know any parameter,he can intercept the whole image steam.
UPDATE2
Is there is a solution using both server side and client side?
That’s to say,does using flash will work or not?
Serve the image, and the entire of the page that calls the image, over HTTPS instead of unencrypted HTTP.
There is no need to involve any kind of client side programming. SSL encryption support is built into browsers.
They don’t. That’s the point of secret keys.
They can’t. That’s the point of SSL encryption.