Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Direct private album linking  (Read 3961 times)

0 Members and 1 Guest are viewing this topic.

kieranmullen

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 48
Direct private album linking
« on: April 22, 2004, 06:00:47 pm »

I have noticed though that when you are logged out the private album is not viewable from the main page but you can link directly to it.  Is this a config issue on my part?

This discussion is not related to the password discussion. I Just through that members of the group could only view pictures uploaded by other members of the group.

Thanks

KM
Logged

Casper

  • VIP
  • Coppermine addict
  • ***
  • Country: 00
  • Offline Offline
  • Gender: Male
  • Posts: 5231
Re: Direct private album linking
« Reply #1 on: April 22, 2004, 08:02:46 pm »

I have noticed though that when you are logged out the private album is not viewable from the main page but you can link directly to it.  Is this a config issue on my part?

What exactly do you mean by link directly.  No one other than admins and the group selected should be able to view the album.


This discussion is not related to the password discussion. I Just through that members of the group could only view pictures uploaded by other members of the group.

When viewing, the permissions do not reflect the group of the uploader, just the member viewing.  If you are in group 'A', you can see all albums selected for group A, and all albums open to all, regardless of who uploaded them.  In version 1.3. you can be a member of multiple groups.
Logged
It has been a long time now since I did my little bit here, and have done no coding or any other such stuff since. I'm back to being a noob here

nica

  • Coppermine newbie
  • Offline Offline
  • Posts: 2
Re: Direct private album linking
« Reply #2 on: May 05, 2004, 05:09:52 am »

Anyone no need to log into my coppermine could get my picture with directory path, for instance, enter http://photo.nica.com.tw/albums/userpics/10003/abc.jpg.
The abc.jpg within the album I set to just me(or just my group whatever) could viewed it.
Logged

kieranmullen

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 48
Re: Direct private album linking
« Reply #3 on: May 05, 2004, 05:43:15 am »

The only real way you could protect it like this would be a) through web server configuration,, which would be a pain  b)Have images stored in database. This is not terribly efficent but many people are doing it.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: Direct private album linking
« Reply #4 on: May 05, 2004, 09:31:10 am »

If an album is private the user would have to guess the folder and filename the pic is in to use direct access. Try some "security by obscurity" and use hard-to-guess file names.

GauGau
Logged
Pages: [1]   Go Up
 

Page created in 0.025 seconds with 20 queries.