Image Path URL Easy to Hack ?
 


Started by rostros, September 13, 2004, 12:21:49 PM


rostros

I'm sure I have seen one of these related threads before, but could not find it.

Anyway, my CPG has members, and I have it set so that only registered members can see the full-size image, while unregistered users can see the thumbnail and intermediate photo. I have noticed that there is an easy hack to see the full-size image: once the intermediate photo is loaded, the unregistered user can right-click and view the photo URL path, e.g.

                  http://yoursite.com/cpg/images/gallery/normal_image.jpg

Then all they need to do is delete the normal_ and they have the ability to view the full picture using a direct path. Also, this is a problem as image hotlinking to other sites is a big problem for me.

I currently have a JavaScript disabling the right click on images, but I would like to be able to remove this, as right click is a popular choice when looking at images.

Any Help would be great  :)

Casper

It has been a long time now since I did my little bit here, and have done no coding or any other such stuff since. I'm back to being a noob here

TyL

OK, but it doesn't work on Apache & Windows :(

Tranz

I think that code just prevents hotlinking, but not direct access from the browser address bar.

Try this: http://forum.coppermine-gallery.net/index.php?topic=3021.msg45672#msg45672

But I don't know if it is specific to linux/unix.

@TyL: Also, since you have multiple questions, please specify what doesn't work and how it doesn't work.

Tarique Sani

You can have an .htaccess file check for referer and see if it is displayimage.php of your site - basically the same principle as the prevention of hotlinking. AFAIK .htaccess will work just the same on Apache for Windows as it does for *nix.

But still, my contention is that if it is on the web it is stealable - maybe you should really look at session-based one-time URL generation.
SANIsoft PHP applications for E Biz
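
The "session based one time URL generation" suggested in the last post could look like this in PHP; it is an added example, not code from this thread or from Coppermine. Assumed: the function names, the 60-second lifetime, a server-side secret `$key`, and that image files are stored outside the web root and are only streamed by a script that calls `redeem_image_token()`.

```php
<?php
declare(strict_types=1);
// Added illustration, not Coppermine code; every name below is hypothetical.
const TOKEN_TTL = 60; // seconds a link stays valid (assumed value)

// Called by the page that embeds the image, after its own permission check.
function issue_image_token(string $key, string $sid, string $file, array &$issued, int $now): string
{
    $nonce   = bin2hex(random_bytes(16));
    $expires = $now + TOKEN_TTL;
    $issued[$nonce] = true; // kept server-side, e.g. in $_SESSION
    return "$expires.$nonce." . hash_hmac('sha256', "$sid|$file|$expires|$nonce", $key);
}

// Called by the script that streams files stored outside the web root.
function redeem_image_token(string $key, string $sid, string $file, string $token, array &$issued, int $now): bool
{
    $parts = explode('.', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[0]) || basename($file) !== $file) {
        return false; // malformed token, or a path instead of a bare file name
    }
    [$expires, $nonce, $mac] = $parts;
    $expected = hash_hmac('sha256', "$sid|$file|$expires|$nonce", $key);
    if (!hash_equals($expected, $mac)) {
        return false; // forged, or file name or session differs from what was issued
    }
    if ((int) $expires < $now || !isset($issued[$nonce])) {
        return false; // expired, already used, or never issued
    }
    unset($issued[$nonce]); // one-time: burn the nonce on first use
    return true;
}

// Constructed demo values.
$key    = random_bytes(32);
$sid    = 'constructed-session-id';
$issued = [];
$now    = 1700000000;
$token  = issue_image_token($key, $sid, 'normal_image.jpg', $issued, $now);

// Guest strips "normal_" from the file name but reuses the token.
var_dump(redeem_image_token($key, $sid, 'image.jpg', $token, $issued, $now));
// Token presented for the file it was issued for.
var_dump(redeem_image_token($key, $sid, 'normal_image.jpg', $token, $issued, $now));
// Same link replayed, as a hotlinking site would.
var_dump(redeem_image_token($key, $sid, 'normal_image.jpg', $token, $issued, $now));
```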