coppermine-gallery.com/forum

Are picture files secure?

I have it set to only registered users but ecard shows direct link to pictures without login so I'm concerned.

Sorry, for multiple replies, forum doesn't let me post long message.

Quote from: peachee on April 30, 2006, 03:50:52 PM
Are picture files secure?

no, they're not, if your question actually is "are pics safe against theft". Don't put files on the internet if you're actually concerned about people stealing your pics.
If you have another issue, then post more details.

sorry for the following multiple replies but i'm still having problems posting.

with all the permissions with users and groups settings i was under the impression the login might use a user session that would only have access to view these pictures/pages. 

it would be easy to do wouldn't? 

i respect your comments regarding not putting photos on the internet if i'm worried about them getting stolen, but that's a little extreme. 

sites can easily be created that wouldn't allow unlogged in users to steal pictures. 

why have the settings in the program not to allow unlogged in users to view the pictures if the whole album folders are still accessibile directly? 

or am i misunderstanding something here? 

my site is just for about 5 people that will be sharing pics that i don't want the public to have access to or having search engines like google cache.

Quote from: peachee on May 01, 2006, 05:39:59 PM
why have the settings in the program not to allow unlogged in users to view the pictures if the whole album folders are still accessibile directly? 

If you don't want to allow people to view folder listings, and if you have apache and .htaccess access, you can disable directory listing.

As for search engine caching, look up info on robots.txt

These are not a Coppermine issues, but the way the web works. Fortunately, there are ways around them.

Quote from: peachee on May 01, 2006, 05:39:59 PM
sites can easily be created that wouldn't allow unlogged in users to steal pictures.

If it's so easy, why don't you show us some code? Don't claim ease if you can't show us the code.

this board has problems.  here's my multiple posts again....

something like the following:

<?php
session_start();
if (!isset($_SESSION['logged_in'])) {

header('Location: ../log_in_page.php');
die();
} else {
$img_file = "test.jpg";

header("Content-Type: image/jpeg");
readfile($img_file);
exit;
}
?>

html...
<img src="secure_img.php" />

with the above type of example, you wouldn't have to hang all the images open to the public internet would you?

dynamic creation of images is a resources monger, not an option for most users. Actually, this is pseudo-code, not real code.