Prevent directly linking to files - bypassing CM security Prevent directly linking to files - bypassing CM security
 

News:

CPG Release 1.6.27
change DB IP storage fields to accommodate IPv6 addresses
remove use of E_STRICT (PHP 8.4 deprecated)
update README to reflect new website
align code with new .com CPG website
correct deprecation in captcha

Main Menu

Prevent directly linking to files - bypassing CM security

Started by BlkKnight, November 28, 2012, 12:55:42 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

BlkKnight

November 28, 2012, 12:55:42 PM
Hi All

First off, thank you for producing this excellent package.

The documentation & programme is second to none.  Even better than many "paid for" applications.

Anyway, enough with blowing sunshine up your bum  :)

I'm running CM on a win 2003 R2 server using XAMPP 20/09/12 - to all intents & purposes is a fresh install.

In the area I work I need to share images to only a select few people - and I'd like to use Coppermine user controls to prevent unauthorised access.

The problem I have is that once a user can directlink to an image, he is able to share the link with unauthorised people.

Is there a way for me to prevent direct access? 

I'm not talking about hotlinking - but directly linking to a file.

EG:

http://files.physicalcompany.co.uk/images/albums/userpics/10001/ethan.jpg

If pasted in a new browser opens.

ΑndrĂ©

#1
November 28, 2012, 01:39:06 PM
To prevent direct access to full-sized pictures, you could use this plugin: http://forum.coppermine-gallery.net/index.php/topic,74870.0.html

To prevent all pictures you'd need to make them inaccessible from the web and change the Coppermine code to use readfile() instead of linking to the pictures directly.
Print
Go Up Pages1
User actions