We're not that far off the thread topic I think. The administrator is not in the registered users group was the beginning of it. Because this is so, people have started asking for hacks for restricting access to this and that, because they couldn't use the feature originally intended for the purpose, because it didn't work properly.
I only pointed out that the hacks proposed on the board (http://forum.coppermine-gallery.net/index.php?topic=2357) and FAQ (the one that was in the downloaded install for coppermine I called 'official') to remedy the problem do not live up to the security standards present everywhere else in cpg, and that this is not made obvious. One user in the thread above thinks the workaround 'works like a charm'. I pointed this out so as to corroborate other posters on this thread in order to further convince the developers that this is a high priority issue.
My proposition regarding the FAQ is to include a notice that the workaround presented can only be considered an emergency solution, and that users should not forget to upgrade to the next release when this issue is being dealt with properly.
You call for not turning to flaming... Yet exaggerations and generalizations ("reinvent the WWW", "absolute security") and suggesting I would suggest something completely silly ("delete the FAQ") are common ways to disrespect another's intelligence to the point where flaming will start. All I said that apparently offended you is that these two particular hacks on this board are ridiculous in terms of security, which they are, in comparison to the way security is handled everywhere else in this outstanding app.
btw. it's not the script kiddies who come up with hacks, they only reproduce them, going by (someone else's) "script". That's the idea of the term, they're supposed to be lame, etc.
What do you mean by security of comments? A serious hacker who's after your pictures would try to find out what web app you're using for your gallery so as to have a look at the (PHP!) source and learn your likely folder structure and possible ways you could have set it up wrong, etc. This task is greatly facilitated if the app puts its name and version in an html comment on every page, as does cpg. That's how the comments relate to the security of your pictures.
But anyway,
peace, oK