Topic: View image by its full size URL ? [image security issue] (Read 3516 times)

HoundSP · « **on:** June 16, 2006, 12:48:37 pm »

Is there any way to prevent users from directly view the images by its full size image URL?
such as http://www.mywebsite.com/gallery/displayimage.php?pid=1&fullsize=1 this will allow ANYONE to view the image wheather they have permission or not.

both .htaccess and control_fullsize mod didnt help to prevent such method.

* Hiding image location is a nice idea but I can't find the specified code in include/function.inc.php (refer to http://forum.coppermine-gallery.net/index.php?topic=3069.0). Is there any other mothod? I tried to search for such topics but mostly found about .htaccess

Im using CPG 1.4.6

Thanks in advance.

Tarique Sani · « **Reply #1 on:** June 16, 2006, 01:18:03 pm »

Coppermine Core does not have any code to prevent *only* the fullsize picture from not being shown.

jjhat1 · « **Reply #2 on:** June 16, 2006, 01:22:23 pm »

You can also try a plugin I have written. It loads the files through a PHP script using the PID and quality requested but uses MD5 to prevent people from just changing the quality or PID number to access another picture.

http://forum.coppermine-gallery.net/index.php?topic=32348.0

Hope this helps...

If you have any additional request for features related to this plugin it would be appropriate to post them on this board and not the announcement board.

News:

Author Topic: View image by its full size URL ? [image security issue] (Read 3516 times)

HoundSP

View image by its full size URL ? [image security issue]

Tarique Sani

Re: View image by its full size URL ? [image security issue]

jjhat1

Re: View image by its full size URL ? [image security issue]