Picture Security / guess the picture path Picture Security / guess the picture path
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Picture Security / guess the picture path

Started by mike12345, August 05, 2005, 05:12:13 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

mike12345

Hi all,

Today I started to work with cpg. My first experience is good.
But now I think about the security of my pictures.
I'm planning to have albums for friends, family and everyone.
But when someone looks at the graphic properties he can see that the picture is saved in the ".../albums/userpics/" folder.

If now a person that should only see pictures for friends tries to guess other pictures names, it is possible that he can see pictures that are only for family.

And because I'm the only person, that is uploading pictures, it is not difficult to guess the names. It's always DSC0XXXX.JPG.

Is it possible to prevent that?
Is it maybe possible to save the pictures in the database? I think that should be the most secure way.

I hope everyone understand my problem. I now my English is not the best :-).


Thanks for help

Mike

kegobeer

Binary data has no business being stored in a database, in our opinion.  We are looking into various ways to prevent people from guessing and accessing images directly.  There are several threads that talk about this.
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots