菜梗居

Basically somebody who knows how to sniff http network traffic can see what links the slide show requests。 It's not hard for a developer 。 You just have to run it.

具體的做法：就是從html source code裏， extract 出那個 flash link ， 然後open that link in the browser，and launch the proxy， then you can discover the image requests， 這樣很快就可以找出所有flashslideshow裏麵的pp了。

從flickr 網站：

http://www.flickr.com/photos/23620228@N02/5475796583/lightbox/

這個頁麵已經放置了禁止下載的功能，但是deveoper 還是可以很容易的下載。細節如下：我用safari，under develope tab, inside "show web inspector", 很容易就可以找到pp in the resources的，但是你要我下載一個給你證明看看，我就把下載的你的一張照片貼在我的博客首頁裏。隻是要告訴你，照片沒有絕對安全的。別人要拿到你的pp總是可以拿到。千萬不要自己覺得很安全。網絡沒有100％的安全。

when you click a delete button, you somehow tell the server to do the delete action, the results of the action is that you don't see it on the page anymore. But it could be still in the database on the server.（images could be stored in the database or file system on the server)

If a hacker can get into the database or file system which hosts images, that means he can get that particular image eventually.

Also if the image is cashed in any other website like google engine, that is also accessible by other users.

Delete is a user function that does or does not do what the end user thinks it is doing.

意思就是說，作為end user， 你閃一閃照片或者flashslides就把它刪掉，那隻是你認為刪掉了。這個刪掉的功能到底是如何設計的，每個公司每個網站都可能不一樣。有的時候，你用戶本人看不到照片了，但照片可能已經在server上麵存檔了。因為公司有商業利益或其他考慮，可能還不想你的post真的永久消失。如果還在server上某個地方存檔的話，有心人就很容易找到它。特別是在wxc這種不是用https的網站，第三者可以觀察到你正在做什麽。

. 用google賬戶的site功能，在那裏建網頁，把圖片都傳上去，再link 過來。Google 存圖又大又免費還保險。