help noob help noob
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

help noob

Started by peachee, April 30, 2006, 03:50:52 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

peachee

Are picture files secure?

peachee

I have it set to only registered users but ecard shows direct link to pictures without login so I'm concerned.

peachee

Sorry, for multiple replies, forum doesn't let me post long message.

Joachim Müller

Quote from: peachee on April 30, 2006, 03:50:52 PM
Are picture files secure?
no, they're not, if your question actually is "are pics safe against theft". Don't put files on the internet if you're actually concerned about people stealing your pics.
If you have another issue, then post more details.

peachee

sorry for the following multiple replies but i'm still having problems posting.

peachee

with all the permissions with users and groups settings i was under the impression the login might use a user session that would only have access to view these pictures/pages. 

peachee

it would be easy to do wouldn't? 

i respect your comments regarding not putting photos on the internet if i'm worried about them getting stolen, but that's a little extreme. 

peachee

sites can easily be created that wouldn't allow unlogged in users to steal pictures. 

why have the settings in the program not to allow unlogged in users to view the pictures if the whole album folders are still accessibile directly? 

peachee

or am i misunderstanding something here? 

my site is just for about 5 people that will be sharing pics that i don't want the public to have access to or having search engines like google cache.

Tranz

Quote from: peachee on May 01, 2006, 05:39:59 PM
why have the settings in the program not to allow unlogged in users to view the pictures if the whole album folders are still accessibile directly? 
If you don't want to allow people to view folder listings, and if you have apache and .htaccess access, you can disable directory listing.

As for search engine caching, look up info on robots.txt

These are not a Coppermine issues, but the way the web works. Fortunately, there are ways around them.

Tranz

Quote from: peachee on May 01, 2006, 05:39:59 PM
sites can easily be created that wouldn't allow unlogged in users to steal pictures.
If it's so easy, why don't you show us some code? Don't claim ease if you can't show us the code.

peachee

this board has problems.  here's my multiple posts again....

peachee

something like the following:

peachee

<?php
session_start();
if (!isset($_SESSION['logged_in'])) {

peachee

header('Location: ../log_in_page.php');
die();
} else {
$img_file = "test.jpg";

peachee

header("Content-Type: image/jpeg");
readfile($img_file);
exit;
}
?>

peachee

html...
<img src="secure_img.php" />

peachee

with the above type of example, you wouldn't have to hang all the images open to the public internet would you?

Joachim Müller

dynamic creation of images is a resources monger, not an option for most users. Actually, this is pseudo-code, not real code.