Album security question

als56k Joined: 2006-04-22 Posts: 24	Posted: Sat, 2009-10-17 22:37
	What's the expected behavior when someone tries to access an image directly, i.e. types http://www.example.com/gallery3/var/albums/album/image.jpg into the address bar? Here's what I'm getting: User is "everybody" & everybody is not allowed to "view full size" => Dang page User is registered & registered users are allowed to view full size => Image loads Is the "everybody" result correct? I ask because I interpret the dang page to mean there is a problem with G3, rather than G3 is functioning correctly and a user tried to do something that's not allowed. Thanks, als56k
	XUser login Username: * Password: * Create new account Request new password
floridave Joined: 2003-12-22 Posts: 25961	Posted: Sat, 2009-10-17 22:50
	That is the current behavior. there is a ticket for this: http://sourceforge.net/apps/trac/gallery/ticket/603 FAQ: Are my photos secure? They're right there on my website! Dave _____________________________________________ Blog & G2 \|\| floridave - Gallery Team

als56k Joined: 2006-04-22 Posts: 24	Posted: Sat, 2009-10-17 23:00
	Thanks. --als56k

XUser login