Private Album pics still visiable via URL access. Private Album pics still visiable via URL access.
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Private Album pics still visiable via URL access.

Started by Rochester, November 10, 2006, 05:06:35 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Rochester

November 10, 2006, 05:06:35 PM
I'm looking for a way to restrict access to images when they are referenced by their URL. The albums are all private and need a login to access however the individual images can be viewed in a browser when you type the images exact URL.

I've searched for a few hours but maybe I need a better keyword.

I've installed an instance Coppermine in my https directory but still had the same issue.

Would changing the default chmod for uploads do this?

I realize this would prevent the use of E-cards to unregistered users.

Great Product and equally helpful board.

Jim

Joachim Müller

#1
November 10, 2006, 06:56:49 PM
You can set up some hotlink protection to avoid individual pics peing hotlinked by others (using .htaccess), but there's no mechanism built into Coppermine that could keep people from accessing files by entereing the URL in the browser's address bar. The whole coppermine concept in this aspect is based on not letting people know/guess the url of pics.
There has been a discussion (and maybe there's a mod as well) about storing the pics outside of the webroot and retrieving them by browser session (i.e. temporarily creating a "mirror" of a file when accessed through coppermine). However, this is a resources-consuming process that could only work for sites with low traffic.

Print
Go Up Pages1
User actions