Keeping directories private Keeping directories private
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Keeping directories private

Started by loverboy, August 13, 2004, 02:16:43 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

loverboy

Hiya! What an awesome program. I love it...

I just installed it on the server.  I have some video clips that I want to allow to registered members, and some others to only approved ones.  I setup a group that requires me to approve.  Anyway I then found that since the base directory (ie /album/) has to be visible otherwise I can't use batch upload, someone can easily just browse through the www to that directory and see everything!

I'm not sure if there's a way to work around it. I've tried redirecting directories beyond /album/ (e.g. /album/private/videos) but that makes the vids unavailable. I've tried changingn the directory attributes, but that makes batch upload not work.  All I want is so that no one else can see certain albums even if they know which directory the files are in

Any solutions?

Thanks!

mstralka

Coppermine comes with an index.html file in the /albums directory - maybe you deleted it?

if your server is configured to look for index.html file as the default file, then visitors will not see the list of files in that directory (most servers do this).  If it's not there, download coppermine again, get the index.html from that /albums directory, and upload it to your /albums directory on the server.  Then copy it to all sub directories in the /albums dir. 
Hope that helps.
GO IRISH

loverboy


skyxliner

this can also be done through cpanel if you have it, disabling index browsing

Joachim Müller

cpanel is a crutch for real control over the webserver: on IIS, you set it in the Webserver console. On apache, you setOptions -Indexesin .htaccess

GauGau

loverboy

I am just copying index.html into directories.  I actually edited it to redirect it to the main gallery page.

Is this secure enougH? Is it hackable?

Joachim Müller

you won't even have to set a redirector, a blank index.html file will do. In fact, everything is hackable with some amount of knowledge, but what would this hacker gain? A list of files in a folder - not that impressive.
I recommend using the settings I described above (Options -Indexes in .htaccess) if your webhost let's you have .htaccess files - it's much more effective.

GauGau

loverboy

Sorry if I'm thick but how do I log into IIS or my server is it through FTP or something?  Sorry for being so useless!  Also would I set that to just the albums dir?

Thanks!

Joachim Müller

if you're webhosted you can not manage the whole webserver with the IIS admin console - you will have to ask your webhsot to do this for you.

GauGau