Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Users and password protected albums  (Read 3633 times)

0 Members and 1 Guest are viewing this topic.

zac

  • Contributor
  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Posts: 153
Users and password protected albums
« on: August 28, 2005, 10:25:44 am »

Hello.. I am delving into a new realm of coppermine and trying to figure out the user controls.  I want to use them in such way that they are just controlling who can see which albums.  If I have like 20 albums up, I only want user A to be able to see album A.  Is this possible?  The only options I can find are to make the albums visible to either everyone or only regestired, banned, etc... If this does not work is there a way to password protect each individual album?

Thanks for any help!

Zac

oops.. i just noticed this should be in the permissions and access rights board.... sorry.
« Last Edit: August 28, 2005, 11:28:16 am by GauGau »
Logged

zac

  • Contributor
  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Posts: 153
Re: Users and password protected albums
« Reply #1 on: August 28, 2005, 10:31:46 am »

Ack... I figured it out.  Have to go into groups in the admin mode and create new ones.
Logged

amol

  • Coppermine newbie
  • Offline Offline
  • Posts: 1
Re: Users and password protected albums
« Reply #2 on: August 29, 2005, 05:51:10 pm »

I have a follow up question...
Lets say coppermine root is domain.com/photos

And I setup album A such that it is only accessible to group A, in which there is only one user, user A.
So only user A should be able to see this album.
If unregistered user or some other user logs in, they cannot see album A in the list of albums. So far so good.

BUT...if they point to a url like
domain.com/photos/albums/userpics/10001/photoname.jpg, anyone can view the photos.

Which is something that I dont want.

Question: Is there any way to _really_ restrict access to photos and albums?
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Users and password protected albums
« Reply #3 on: August 30, 2005, 07:40:35 am »

has been discussed many times, please search the board. There's no absolute safety though: if a determined user who knows his way around in coppermine is able to guess the url of an individual pic, he'll be able to see it. However, there are several methods (discussed on the other threads that I told you to search for) to make it harder (or nearly impossible) to do so. Additionally, there's a method outlined in a thread on how a complete protection could be achieved (by storing the pics outside the webroot and serving it only on the "legitimate" page), but don't expect code ready for copy'n paste - you have to be an expert to accomplish this sort of protection.
Logged
Pages: [1]   Go Up
 

Page created in 0.017 seconds with 20 queries.