forum.coppermine-gallery.net

Support => cpg1.4.x Support => Older/other versions => cpg1.4 plugins => Topic started by: HoundSP on June 16, 2006, 12:48:37 pm

Title: View image by its full size URL ? [image security issue]
Post by: HoundSP on June 16, 2006, 12:48:37 pm

Is there any way to prevent users from directly view the images by its full size image URL?
such as http://www.mywebsite.com/gallery/displayimage.php?pid=1&fullsize=1 this will allow ANYONE to view the image wheather they have permission or not.

both .htaccess and control_fullsize mod didnt help to prevent such method.

* Hiding image location is a nice idea but I can't find the specified code in include/function.inc.php (refer to http://forum.coppermine-gallery.net/index.php?topic=3069.0). Is there any other mothod? I tried to search for such topics but mostly found about .htaccess

Im using CPG 1.4.6

Thanks in advance.  :)

Title: Re: View image by its full size URL ? [image security issue]
Post by: Tarique Sani on June 16, 2006, 01:18:03 pm

Coppermine Core does not have any code to prevent *only* the fullsize picture from not being shown.

Title: Re: View image by its full size URL ? [image security issue]
Post by: jjhat1 on June 16, 2006, 01:22:23 pm

You can also try a plugin I have written.  It loads the files through a PHP script using the PID and quality requested but uses MD5 to prevent people from just changing the quality or PID number to access another picture.

http://forum.coppermine-gallery.net/index.php?topic=32348.0


Hope this helps...  ;D

If you have any additional request for features related to this plugin it would be appropriate to post them on this board and not the announcement board.