Piwigo.org

benhup · 2014-06-27 12:49:52

Hi community!,

Currently the original image can be protected by enabling

$conf['original_url_protection'] = 'images';

Derivative/resized images can still be accessed directly, even with original_url_protection enabled.
You don't have to be logged in to access derivative images.

I already created some (although not perfect) code to allow action.php to parse derivative images, see:
http://piwigo.org/forum/viewtopic.php?pid=152403

Coming from Gallery2, I really like to share photo albums with friends in a secure way.
I find it unacceptable to tell friends that my and their photo's can be accessed by anyone with a direct URL.
Having all images and non-images run thru action.php makes sure that someone needs to be logged in, before access is granted. To finish it I add "Deny from all" to .htaccess in /_data/i/galleries/ and /galleries/ and we have closed a security issue in Piwigo!

This feature will be much appreciated by certainly current/old Gallery2 users.

So, who is willing to pick this up? Or if you want to make it a joint effort: please help me out. I have little knowledge about Piwigo code, apart from fiddling with it the last days.

I appreciate your response!

Piwigo version: 2.6.3

Best regards,
Ben

flop25 · 2014-06-27 16:36:23

Hi

I tried Gallery and it system protection: I found it very heavy in ressource consumption. That's certainly why the other giant of the internet doesn't do it, but they are not particulary concerned about privacy
I had issues also with intenpestive logout when using this mode...

That's why we randomized the file names when uploading; that's a compromize

benhup · 2014-06-27 16:50:27

Hi flop25,

Gallery2 has some performance issues, that's for sure!
Gallery2 is heavy indeed.
I'd love to fully migrate to Piwigo. I looked at Piwigo before when 2.4, and now again at 2.6.
Before 2.4 the derivatives were stored inside the original directories. That was certainly no good as my photo directory is read-only for Apache... Security reasons... With Piwigo 2.4+ that issue is solved.

I'm fully happy with Piwigo 2.6, except this last eeny-meeny last thingy: security with URL protection, only allowing logged in users to access files.

So far (with my adaptions) I have not noticed any big slow downs. Most certainly not the slowness of Gallery2!

I'll leave Gallery 2 for Piwigo when URL protection on all files is implemented, and I'm happy to help :)

Last edited by benhup (2014-06-27 17:15:14)

flop25 · 2014-06-27 17:12:06

Seriously thank you for your enthiousiasm and your contributions

I suggest you open a ticket in our bugtracker and you post diff/patch files in order to allow us/anyone to apply your changes and so test more efficiently http://piwigo.org/bugs/my_view_page.php

benhup · 2014-06-27 17:43:24

You're welcome,

Issue reported via Bugtracker, as you requested:
http://piwigo.org/bugs/view.php?id=3096

I sent rvelices a private message. I'll await his response on how we can tackle this issue best.

Best regards,
Ben

mistic100 · 2014-06-28 14:42:39

continues here [Forum, topic 24077] URL protection for derivative images, not only for original image

Piwigo.org

Announcement

#1 2014-06-27 12:49:52

URL protection for derivative images/item, not only for original image

#2 2014-06-27 16:36:23

Re: URL protection for derivative images/item, not only for original image

#3 2014-06-27 16:50:27

Re: URL protection for derivative images/item, not only for original image

#4 2014-06-27 17:12:06

Re: URL protection for derivative images/item, not only for original image

#5 2014-06-27 17:43:24

Re: URL protection for derivative images/item, not only for original image

#6 2014-06-28 14:42:39

Re: URL protection for derivative images/item, not only for original image

Board footer