Joomla +G2 security issue

scottb

Joined: 2006-10-20
Posts: 7
Posted: Tue, 2006-12-05 18:56

I have a security issue with the video galleries using Gallery2. The gallery directory is accessible if found. Movies can be watched without logging in. http://mysite/gallery/main.php

I tried to protect the directory using .htaccess, but it interferes with the Gallery loading in Joomla members section. I do not know why this doesn't work.

AuthType Basic
<Limit GET POST>
order deny,allow
deny from all
allow from mysite.com
</Limit>

Any suggestions?

scottb

 
valiant

Joined: 2003-01-04
Posts: 32509
Posted: Wed, 2006-12-06 04:03

- why not move the g2data folder out of your document root?
- no idea how a .htaccess in your g2data/ folder should interfere with anything outside the .htaccess folder.

 
scottb

Joined: 2006-10-20
Posts: 7
Posted: Wed, 2006-12-06 13:44

I don't understand either.

I get the the text and a broken thumbnail. The movies will play but I get no thumbnail with .htaccess on.

 
valiant

Joined: 2003-01-04
Posts: 32509
Posted: Wed, 2006-12-06 15:25

i guess because joomla uses g2 as media folder or something like that and the URLs link to the g2data folder directly, which is wrong. it should all go through the gallery2 application.
the joomla integration guys will know more.

 
admodum

Joined: 2008-01-10
Posts: 9
Posted: Wed, 2008-03-19 15:14

I'm using G2 & Gallery 2 Bridge 2.0.14 inside Joomla.

I have the same thing going on.

User album have permissions set so that only registered users can view the albums, but i can still get to the images by pasting the iitem url in the address bar?!?!?!??

Anyone know a solution?

 
scottcroft

Joined: 2006-01-20
Posts: 1
Posted: Fri, 2008-06-20 00:21

I have the same issue. Not sure if I have a setting wrong in joomla or gallery or what? The users and login work fine. Anyone can go to http://www.mysite.com/gallery/main.php with no login required. Any help or direction would be appreciated.

using G2 and Gallery 2 bridge with godaddy hosting.