Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Keeping directories private  (Read 4212 times)

0 Members and 1 Guest are viewing this topic.

loverboy

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 23
Keeping directories private
« on: August 13, 2004, 02:16:43 am »

Hiya! What an awesome program. I love it...

I just installed it on the server.  I have some video clips that I want to allow to registered members, and some others to only approved ones.  I setup a group that requires me to approve.  Anyway I then found that since the base directory (ie /album/) has to be visible otherwise I can't use batch upload, someone can easily just browse through the www to that directory and see everything!

I'm not sure if there's a way to work around it. I've tried redirecting directories beyond /album/ (e.g. /album/private/videos) but that makes the vids unavailable. I've tried changingn the directory attributes, but that makes batch upload not work.  All I want is so that no one else can see certain albums even if they know which directory the files are in

Any solutions?

Thanks!
Logged

mstralka

  • VIP
  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Posts: 178
Re: Keeping directories private
« Reply #1 on: August 13, 2004, 02:56:57 am »

Coppermine comes with an index.html file in the /albums directory - maybe you deleted it?

if your server is configured to look for index.html file as the default file, then visitors will not see the list of files in that directory (most servers do this).  If it's not there, download coppermine again, get the index.html from that /albums directory, and upload it to your /albums directory on the server.  Then copy it to all sub directories in the /albums dir. 
Hope that helps.
Logged
GO IRISH

loverboy

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 23
Re: Keeping directories private
« Reply #2 on: August 13, 2004, 03:01:06 am »

dude this is PERFECT! thanks!
Logged

skyxliner

  • Coppermine newbie
  • Offline Offline
  • Posts: 6
Re: Keeping directories private
« Reply #3 on: August 18, 2004, 12:47:20 pm »

this can also be done through cpanel if you have it, disabling index browsing
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Keeping directories private
« Reply #4 on: August 19, 2004, 07:59:03 am »

cpanel is a crutch for real control over the webserver: on IIS, you set it in the Webserver console. On apache, you set
Code: [Select]
Options -Indexesin .htaccess

GauGau
Logged

loverboy

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 23
Re: Keeping directories private
« Reply #5 on: August 19, 2004, 10:36:24 pm »

I am just copying index.html into directories.  I actually edited it to redirect it to the main gallery page.

Is this secure enougH? Is it hackable?
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Keeping directories private
« Reply #6 on: August 20, 2004, 08:10:24 am »

you won't even have to set a redirector, a blank index.html file will do. In fact, everything is hackable with some amount of knowledge, but what would this hacker gain? A list of files in a folder - not that impressive.
I recommend using the settings I described above (Options -Indexes in .htaccess) if your webhost let's you have .htaccess files - it's much more effective.

GauGau
Logged

loverboy

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 23
Re: Keeping directories private
« Reply #7 on: August 20, 2004, 04:25:00 pm »

Sorry if I'm thick but how do I log into IIS or my server is it through FTP or something?  Sorry for being so useless!  Also would I set that to just the albums dir?

Thanks!
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Keeping directories private
« Reply #8 on: August 21, 2004, 03:50:01 am »

if you're webhosted you can not manage the whole webserver with the IIS admin console - you will have to ask your webhsot to do this for you.

GauGau
Logged
Pages: [1]   Go Up
 

Page created in 0.017 seconds with 20 queries.