Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Prevent directly linking to files - bypassing CM security  (Read 4398 times)

0 Members and 1 Guest are viewing this topic.

BlkKnight

  • Coppermine newbie
  • Offline Offline
  • Posts: 2
Prevent directly linking to files - bypassing CM security
« on: November 28, 2012, 12:55:42 pm »

Hi All

First off, thank you for producing this excellent package.

The documentation & programme is second to none.  Even better than many "paid for" applications.

Anyway, enough with blowing sunshine up your bum  :)

I'm running CM on a win 2003 R2 server using XAMPP 20/09/12 - to all intents & purposes is a fresh install.

In the area I work I need to share images to only a select few people - and I'd like to use Coppermine user controls to prevent unauthorised access.

The problem I have is that once a user can directlink to an image, he is able to share the link with unauthorised people.

Is there a way for me to prevent direct access? 

I'm not talking about hotlinking - but directly linking to a file.

EG:

http://files.physicalcompany.co.uk/images/albums/userpics/10001/ethan.jpg

If pasted in a new browser opens.
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15765
Re: Prevent directly linking to files - bypassing CM security
« Reply #1 on: November 28, 2012, 01:39:06 pm »

To prevent direct access to full-sized pictures, you could use this plugin: http://forum.coppermine-gallery.net/index.php/topic,74870.0.html

To prevent all pictures you'd need to make them inaccessible from the web and change the Coppermine code to use readfile() instead of linking to the pictures directly.
Logged

BlkKnight

  • Coppermine newbie
  • Offline Offline
  • Posts: 2
Re: Prevent directly linking to files - bypassing CM security
« Reply #2 on: November 28, 2012, 03:03:42 pm »

Thank you
Logged
Pages: [1]   Go Up
 

Page created in 0.026 seconds with 20 queries.