
Is Security tight with coppermine?

Started by jodest3, July 07, 2006, 10:39:45 PM


jodest3

Hi there!

I want to upload files via the web to either Coppermine (which is why I'm here) or some other place that keeps files only for registered users (i.e. only me) and keeps them locked from anybody else getting in. I'm not sure how secure Coppermine is. I've heard some things in the past about this gallery being hacked. I don't want that and I'm really quite scared. So I thought I would ask you guys.

Is Coppermine good for this? Is there a particular version I should be installing? If Coppermine isn't good for this, do you recommend doing anything else? Any other programs or tricks?

Thanks in advance!

- Jess

Nibbler

Coppermine's raison d'être is to display images, not to protect them. If you want to hide them then password protect the Coppermine directory at the server level and you're safe. Only version we recommend is the latest stable version, 1.4.8.

jodest3

Oh I know that ;)  I know to password protect, but what I'm wondering is - can someone hack through that?  Through password protecting - is security pretty tight?


Tarique Sani

Anyone who knows the complete URL to the files/pictures will still be able to get to them, as they are still stored in the webroot. In short, the album pages are protected; the pictures themselves are not. This incidentally is similar to Flickr.
SANIsoft PHP applications for E Biz

Joachim Müller

If you are going to be the only person to access your gallery, apply an authorization method on webserver level (i.e. password protection using .htaccess methods). This way, everything within the coppermine directory can be kept from being accessed unless a potential attacker manages to hack your .htaccess password auth. However, this discussion applies to everything that is password-protected.
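
The difference the replies above describe, as an added example that is not part of the thread and is not Coppermine code: a small local stand-in server is run once with an application-level login that guards only the PHP pages and once with server-level authentication over the whole directory, and an anonymous probe lists what is still reachable. The credentials, paths and function names are constructed for the demonstration.

```python
import base64, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed demo values; none of these come from the thread.
USER, PASSWORD = "jess", "constructed-demo-password"
PATHS = ["/gallery/index.php", "/gallery/albums/holiday/photo.jpg"]

def make_handler(server_level_auth):
    expected = "Basic " + base64.b64encode(f"{USER}:{PASSWORD}".encode()).decode()
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            authed = self.headers.get("Authorization") == expected
            # An application login guards only the PHP pages; server-level
            # auth (the .htaccess approach) guards every path in the directory.
            guarded = server_level_auth or self.path.endswith(".php")
            if guarded and not authed:
                self.send_response(401)
                self.send_header("WWW-Authenticate", 'Basic realm="gallery"')
                self.end_headers()
                return
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"ok")
        def log_message(self, *args):
            pass  # keep the demo quiet
    return Handler

def exposed_paths(base_url, paths):
    """Return the paths that answer 200 to a request carrying no credentials."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    exposed = []
    for path in paths:
        try:
            with opener.open(base_url + path, timeout=5) as resp:
                if resp.status == 200:
                    exposed.append(path)
        except urllib.error.HTTPError:
            pass  # 401/403: the anonymous request was refused
    return exposed

def audit(server_level_auth):
    server = HTTPServer(("127.0.0.1", 0), make_handler(server_level_auth))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return exposed_paths(f"http://127.0.0.1:{server.server_port}", PATHS)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print("app-level login only:", audit(False))
    print("server-level auth:   ", audit(True))
```

`exposed_paths` can be pointed at your own gallery's base URL with a list of known file paths to confirm that direct image URLs are refused once the directory is password protected.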