How To Prevent Copying Images From Lightroom Flash Galleries

by Daniel Neeley

People tend to think a gallery built in flash is safe because you can’t drag-and-drop or right-click and download images being displayed. Aside from the additional flair provided by flash, this is a big reason why flash galleries are so popular amongst photographers. Unfortunately flash galleries are not as secure as many think.

While there are many ways someone can copy images from a web page, this article will focus on one method called URL hacking. I will outline how to use URL hacking to access the largest resolution images available in Lightrooms flash-based galleries.1 I’ll then show you how to prevent it on your site.

What is a URL Hack?

A URL hack is simply the means of obtaining access to a part of a website by altering the site address you see at the top of your web browser. Generally URL hacks are very simple. Replacing a letter or typing a new directory both count as a URL hack. Through some trial and error you can sometimes get what you are looking for without the need for a direct link on a web page.

As it relates to the flash galleries from Lightroom, you cannot stop a url hack, but you can control what is shown.

The Lightroom Flash Galleries

When you create a flash-based gallery the images are not embedded inside the flash file. Instead, images are contained in a directory somewhere on the website. The flash gallery simply is used to display the images. If you know the directory location of those images, then you could gain access to them outside of the flash interface.

Lightroom places all its gallery files into a single folder allowing you to easily upload it to your site. By looking inside this folder you can find out what you need to type in the site address to get to the images.

Create a gallery in Lightroom and export it to your desktop. Now take a look at what’s inside of the folder containing the gallery. You’ll notice two directories. “Resources” contains the guts of the gallery—the engine if you will. The “bin” folder is where the images are kept.

How To Perform The Hack

Now that the basics are out of the way, lets execute the actual hack. Load up my example gallery of Noise Ninja calibration images in another tab or window. Pretty, aren’t they? How could you resist downloading them?

In your browser address bar and at the end of the URL for the gallery, type in the following (some sites may have “index.html” which must be deleted first):

bin/images/large/

final url

You will now see a list of jpeg files. This is what’s known as a directory listing. Many websites are set up to do this by default when there is no index page to display.

image list

Click on one of the image names to download it.

If you are using a smaller monitor, chances are the image you just downloaded will be larger than that shown in the gallery since the gallery must resize them to fit. If the maker of the gallery chose “extra large” in Lightroom for the preview size such as I did, these images will be as much as 1,200 pixels in size.

Let me be clear that this is just one of many ways someone can pull your images from your site. Other techniques are just as easy if not easier. Reducing the ability for people to keep copies of your web gallery images is a topic for another time. However, for now I’ll show you a simple way to make this URL hack ineffective.

Disable Directory Listing

The one thing you need to do to stop the URL hack is to deny directory listings.2 In the root directory of your site there should be an .htaccess file.3 In this file add the following text sans quotes:

“Options -Indexes”

Save the file and upload it to your site. Your done. Easy right? Here is another flash gallery example just like the one I linked to previously but with directory listing disabled.

One last thing should be noted before we wrap up. Even though you can stop directory listings, people can still access your images directly by typing in an images file name (e.g. “bin/images/large/file-name.jpg”). If you are using file names as titles in the gallery this gives them the info needed to do this. There is no way around this aside from not using file names in the gallery.

So there you have it. A quick way to access the largest files in a Ligtroom flash gallery and a quick means to stop it.

  1. Although this issue is not specific to Lightroom I will “pick” on Lightroom because it is popular, readily available and just plain easy.
  2. The command I outlined only applies to Apache servers. If you don’t know what that means, use a Microsoft server, or simply don’t wish to mess with it yourself, contact your web host and ask them to set things up for you. Most should do it for free or at the least walk you through it. If not, dump them and get a host with some customer service.
  3. If you do not have an .htaccess file you will need to create one. This can be done using any text editor that comes with your computer such as Notepad. Simply save the file as “.htaccess” when done.