forum.coppermine-gallery.net

Support => cpg1.5.x Support => cpg1.5 permissions => Topic started by: BlkKnight on November 28, 2012, 12:55:42 pm

Title: Prevent directly linking to files - bypassing CM security
Post by: BlkKnight on November 28, 2012, 12:55:42 pm

Hi All

First off, thank you for producing this excellent package.

The documentation & programme is second to none.  Even better than many "paid for" applications.

Anyway, enough with blowing sunshine up your bum  :)

I'm running CM on a win 2003 R2 server using XAMPP 20/09/12 - to all intents & purposes is a fresh install.

In the area I work I need to share images to only a select few people - and I'd like to use Coppermine user controls to prevent unauthorised access.

The problem I have is that once a user can directlink to an image, he is able to share the link with unauthorised people.

Is there a way for me to prevent direct access? 

I'm not talking about hotlinking - but directly linking to a file.

EG:

http://files.physicalcompany.co.uk/images/albums/userpics/10001/ethan.jpg

If pasted in a new browser opens.

Title: Re: Prevent directly linking to files - bypassing CM security
Post by: Αndré on November 28, 2012, 01:39:06 pm

To prevent direct access to full-sized pictures, you could use this plugin: http://forum.coppermine-gallery.net/index.php/topic,74870.0.html

To prevent all pictures you'd need to make them inaccessible from the web and change the Coppermine code to use readfile() instead of linking to the pictures directly.

Title: Re: Prevent directly linking to files - bypassing CM security
Post by: BlkKnight on November 28, 2012, 03:03:42 pm

Thank you