Securing Albums directory

rubbdzi

Joined: 2003-06-12
Posts: 3
Posted: Thu, 2003-06-12 13:27

Hi!

I checked out gallery - it is very, very good! I even get it to work coorrectly as MyPHPNuke module (MyPHPNuke have no modules :D).

There is one thing i 'm worrying about - every body can browse through albums directory - images on pages are dirtect linking images! I'm, using Yahoo as my hosting company, so i can't change indexing options and can 't use mod_rewrite :(

Why image loading is not made through script, why images are direct linking? You know, if someone can browse through albums directory, all the users etc security in gallery is useless!
 
beckett
beckett's picture

Joined: 2002-08-16
Posts: 3474
Posted: Fri, 2003-06-13 11:54

1) This is fixed properly in Gallery 2, which has a real image firewall. This is one of the major problems with Gallery v1.x. So a fix is on its way...

2) Search the Customization Forum for *tons* of information on how to better secure your albums directory in the mean time.

-Beckett (

)
 
rubbdzi

Joined: 2003-06-12
Posts: 3
Posted: Fri, 2003-06-13 14:25

beckett,
Thanks about reply!
1) I'll try gallery 2;
2) any way that can be done only by modifying PHP code of gallery, and that is not good idea... even i 'm professional programmer(also using PHP), i know what is version control, upgrading problem after modifying something ;)
 
beckett
beckett's picture

Joined: 2002-08-16
Posts: 3474
Posted: Fri, 2003-06-13 14:31

Well... Gallery 2 isn't even in alpha release yet... so it's not really ready for use.

If you search the forum though, you can wrangle some control over the albums directory with some creative use of mod_rewrite, etc.
 
rubbdzi

Joined: 2003-06-12
Posts: 3
Posted: Fri, 2003-06-13 14:37

beckett,
I am using hosting which do not allow to use mod_rewrite or .htaccess... :( I can put empty index file in each dir, but that does not disable reading of dat files of album dirs...