Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Is Security tight with coppermine?  (Read 4429 times)

0 Members and 1 Guest are viewing this topic.

jodest3

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
Is Security tight with coppermine?
« on: July 07, 2006, 10:39:45 pm »

Hi there!

I want to upload files via the web to either Coppermine (which is why I'm here) or some other place that keeps files only for registered users (ie. only me) and keeps them locked from anybody else getting in.  I'm not sure how Coppermine is secure.  I've heard some things in the past about this gallery being hacked.  I don't want that and I'm really quite scared.  So I thought I would ask you guys. 

Is Coppermine good for this?  Is there a particular version I should be installing?  If Coppermine isn't good for this, do you recommend doing anything else?  Any other programs or tricks?

Thanks in advance!

 - Jess
Logged

Nibbler

  • Guest
Re: Is Security tight with coppermine?
« Reply #1 on: July 07, 2006, 10:43:14 pm »

Coppermine's raison d'etre is to display images, not to protect them. If you want to hide them then password protect the Coppermine directory at the server level and you're safe. Only version we recommend is the latest stable version, 1.4.8.
Logged

jodest3

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
Re: Is Security tight with coppermine?
« Reply #2 on: July 08, 2006, 05:54:23 am »

Oh I know that ;)  I know to password protect, but what I'm wondering is - can someone hack through that?  Through password protecting - is security pretty tight?

Logged

Tarique Sani

  • VIP
  • Coppermine addict
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 2712
    • http://tariquesani.net
Re: Is Security tight with coppermine?
« Reply #3 on: July 08, 2006, 06:31:01 am »

Anyone who knows the complete URL to the files/pictures will still be able to get to them as they are still stored in the webroot - in short the album pages are protected the pictures themselves  are not - this incidentally is similar to flickr
Logged
SANIsoft PHP applications for E Biz

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: Is Security tight with coppermine?
« Reply #4 on: July 08, 2006, 10:46:29 am »

If you are going to be the only person to access your gallery, apply an authorization method on webserver level (i.e. password protection using .htaccess methods). This way, everything within the coppermine directory can be kept from being accessed unless a potential attacker manages to hack your .htaccess password auth. However, this discussion applies to everything that is password-protected.
Logged
Pages: [1]   Go Up
 

Page created in 0.018 seconds with 21 queries.