Direct private album linking

[kieranmullen]

I have noticed though that when you are logged out the private album is not viewable from the main page but you can link directly to it.  Is this a config issue on my part?

This discussion is not related to the password discussion. I Just through that members of the group could only view pictures uploaded by other members of the group.

Thanks

KM

[Casper]

I have noticed though that when you are logged out the private album is not viewable from the main page but you can link directly to it.  Is this a config issue on my part?

What exactly do you mean by link directly.  No one other than admins and the group selected should be able to view the album.

This discussion is not related to the password discussion. I Just through that members of the group could only view pictures uploaded by other members of the group.

When viewing, the permissions do not reflect the group of the uploader, just the member viewing.  If you are in group 'A', you can see all albums selected for group A, and all albums open to all, regardless of who uploaded them.  In version 1.3. you can be a member of multiple groups.

[nica]

Anyone no need to log into my coppermine could get my picture with directory path, for instance, enter http://photo.nica.com.tw/albums/userpics/10003/abc.jpg.
The abc.jpg within the album I set to just me(or just my group whatever) could viewed it.

[kieranmullen]

The only real way you could protect it like this would be a) through web server configuration,, which would be a pain  b)Have images stored in database. This is not terribly efficent but many people are doing it.

[Joachim Müller]

If an album is private the user would have to guess the folder and filename the pic is in to use direct access. Try some "security by obscurity" and use hard-to-guess file names.

GauGau