Author Topic: How to give reg. users access to the batch upload function  (Read 3852 times)

_dopehead_

  • Coppermine newbie
  • Offline
  • Posts: 14
How to give reg. users access to the batch upload function
« on: March 14, 2004, 05:46:23 pm »

I have been searching for this and did not find any answers. How do I enable access to the batch upload function in Coppermine for my registered users? I don't want them to be admins, but they should have access to batch uploading the pics that they have ftp'ed to my server.

Jan
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
How to give reg. users access to the batch upload function
« Reply #1 on: March 14, 2004, 11:11:04 pm »

batch-add is an admin-only function, as it would require your users to have ftp access, which they could easily use to take over your whole server. In other words: this can't be done!

GauGau
Logged

goebelmeier

  • Coppermine newbie
  • Offline
  • Posts: 2
Re: How to give reg. users access to the batch upload function
« Reply #2 on: July 13, 2004, 03:46:43 pm »

Why can't this be done? I'm webmaster of a website with 5 different photographers (dict.leo.org, German -> English :)), each has his own ftp directory in a chroot which is named /albums/<name>/. Until now, all 5 have had admin rights, to use batch-add. In future I would like them only to add albums and use batch-add. I don't see any security risk in implementing such a feature.

Wow, bad English, but I hope you will understand :)
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: How to give reg. users access to the batch upload function
« Reply #3 on: July 13, 2004, 06:50:59 pm »

OK, we decided to let only admins have batch-add, because if we didn't, there'd be a lot of newbie webmasters who gave away ftp-upload permissions to their users without any restriction. The restriction must be that the ftp-uploads must either not be accessible by http or php-parsing must be disabled or uploads must be server-sided restricted to certain file types that can't be harmful. The reason why an un-secured ftp access would be disastrous for security is easy to see: a "bad guy" might upload a script file (php, perl or whatever) and execute it in the browser - this way, he could gain access to the whole website and take it over.
I'm sure that the pros out there know how to secure their ftp-uploads, but "regular" webhosted "wannabe-admins" won't. This is why there's no batch-add for "regular" users - just to not lead "newbies" into temptation. Those who're in the know can easily disable the "is-admin" check inside the batch-add routine...

GauGau
Logged
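
The third restriction named in the reply above (limiting uploads, on the server side, to file types that can't be harmful) could be checked as in the following added example, which is not part of the original thread and is not Coppermine code. The allowlist, the function names `check_upload` and `audit_tree`, and the sample files are assumptions made for illustration.

```python
import os

# Assumed policy (not Coppermine's own): only these image types may be batch-added.
ALLOWED = {".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
           ".png": b"\x89PNG\r\n\x1a\n", ".gif": b"GIF8"}
# Extensions a web server may hand to an interpreter.
SCRIPT_EXTS = {".php", ".php3", ".phtml", ".pl", ".cgi", ".py", ".sh"}


def check_upload(name, data):
    """Return the reasons an uploaded file must not be served; empty list means OK."""
    reasons = []
    exts = ["." + p for p in name.lower().split(".")[1:]]
    last = exts[-1] if exts else ""
    if last not in ALLOWED:
        reasons.append("extension not on allowlist")
    # A handler can be picked from any extension, so "x.php.jpg" is flagged too.
    if any(e in SCRIPT_EXTS for e in exts):
        reasons.append("script extension in name")
    if last in ALLOWED and not data.startswith(ALLOWED[last]):
        reasons.append("content is not the claimed image type")
    if b"<?php" in data:  # heuristic: PHP open tag embedded in the file
        reasons.append("PHP open tag in content")
    return reasons


def audit_tree(root):
    """Map relative path -> reasons for every file under root that fails a check."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                reasons = check_upload(name, fh.read())
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings


# Constructed sample uploads (file name -> content), not real files.
SAMPLES = {
    "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    "tool.php": b"<?php echo 'hi'; ?>",
    "pic.php.jpg": b"\xff\xd8\xff\xe0 <?php echo 'hi'; ?>",
    "notes.gif": b"plain text, not a GIF",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, "->", check_upload(name, data) or "ok")
```

A check like this covers only one of the three restrictions; keeping the ftp directory out of the web root or disabling php-parsing for it does not depend on inspecting file contents.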

goebelmeier

  • Coppermine newbie
  • Offline
  • Posts: 2
Re: How to give reg. users access to the batch upload function
« Reply #4 on: July 13, 2004, 08:40:48 pm »

Those who're in the know can easily disable the "is-admin" check inside the batch-add routine...

Thanks... Very good hint. I haven't looked at the source yet.
Logged