View image by its full size URL ? [image security issue]

HoundSP · June 16, 2006, 12:48:37 PM

Is there any way to prevent users from directly view the images by its full size image URL?
such as http://www.mywebsite.com/gallery/displayimage.php?pid=1&fullsize=1 this will allow ANYONE to view the image wheather they have permission or not.

both .htaccess and control_fullsize mod didnt help to prevent such method.

* Hiding image location is a nice idea but I can't find the specified code in include/function.inc.php (refer to http://forum.coppermine-gallery.net/index.php?topic=3069.0). Is there any other mothod? I tried to search for such topics but mostly found about .htaccess

Im using CPG 1.4.6

Thanks in advance.

Tarique Sani · June 16, 2006, 01:18:03 PM

Coppermine Core does not have any code to prevent *only* the fullsize picture from not being shown.

jjhat1 · June 16, 2006, 01:22:23 PM

You can also try a plugin I have written. It loads the files through a PHP script using the PID and quality requested but uses MD5 to prevent people from just changing the quality or PID number to access another picture.

http://forum.coppermine-gallery.net/index.php?topic=32348.0

Hope this helps...

If you have any additional request for features related to this plugin it would be appropriate to post them on this board and not the announcement board.

coppermine-gallery.com/forum

News:

View image by its full size URL ? [image security issue]

HoundSP

Tarique Sani

jjhat1