I know an another alternative, but I don't recommend it.

Gallery3 is secure, using .htaccess for every picture access.

I hope, that piwigo will be changed. The feature can be optional for all people who need it.

Kalle,

Here is a direct link to a 'Small' image created for a gallery in Piwigo.

http://remotetutorials.com/photos/_data … 693-sm.jpg

Try accessing it and you will be asked to login. Login using the e-mail address kalle@ukf.com and password letmein.

When you log in you will go to the gallery main page and you should now be able to view the gallery.

o log out, you go to this page at any time, and you will no longer have access to the gallery.

http://remotetutorials.com/phpmembers/

What I have done is blocked access to the gallery and subdirectories which can only be accessed by registered users - not Piwigo registered users, but people registered in another way using a 'protection' package.

Is that the sort of thing you want?

Last edited by pewe (2013-01-24 20:07:44)

That should not be a problem.

The 'protection' is at the main Piwigo root directory level, and once the authorised user is logged in a cookie is set to allow continued access to the directory until they log out.

Once they have access to the Piwigo main page, they then need to 'register' as a user in Piwigo as would be the case if the 'protection' was not there and you administer them as users in Piwigo in the normal way..

All plug-ins should work as if there was no protection - once they are logged in.

You can download the protection script and try it.

It is here
http://www.phpmembers.com/download.html
take the free version.

Installation instructions are here
http://www.phpmembers.com/installation-guide.html

If you install it to its own directory, it cannot 'break' your Piwigo installation as setting up protection simply puts a configured .htaccess file in the protected directory (in this case the Piwigo root folder) to prevent access to the pages in the directory except to authorised users.
You can remove the protection either using the software admin, or by using fp to delete the .htaccess file it creates.

As we already answer
*phpmembers can be bypassed by a simple cookie (but we might use the same system to avoid stupid newbies posting private images)
*currently and on my knowledge only G3 offers such a full protection. We don't do this because: that's so heavy for the server, and depend a lot on server specs/settings. And it's heavy for the user because -when I tested- the user was disconnected soo many times during the visit
*even massive website like Fb or Google doesn't have such a protection: that's not a reason but that's a prove that's not obvious at all

Edit: my advice
Upgrade to 2.5 and set
$conf['original_url_protection'] = 'images';
Then use watermarks and/or don't set too large image size

Hi:

I can set the path to the folder "_data" outside www?

Last edited by damufo (2013-03-01 15:11:09)

flop25 wrote:

*currently and on my knowledge only G3 offers such a full protection. We don't do this because: that's so heavy for the server, and depend a lot on server specs/settings. And it's heavy for the user because -when I tested- the user was disconnected soo many times during the visit
*even massive website like Fb or Google doesn't have such a protection: that's not a reason but that's a prove that's not obvious at all

Don't compare to Fb or Google please, they are commercial and does not have priority on security and privacy.

mistic100 wrote:

Well if your read the other thread you understood that is difficult technically (and generates high server load for big galleries)

There are many ways to achieve that but any of them if suitable for all servers.

As you said if nobody in your family give the URL there is no chance someone find it by itself (there is a random string in filename if photos are uploaded through the web-form or any remote application).

Could we talk a little about that "random string in filename"?  I could have sworn I used the regular uploader (maybe not), but my main gallery is using image URLs without that random string.

Do non-virtual albums mean that the names will never be randomized?  Is the protection of hashed/randomized names something we give up if we populate albums via ftp?

On a related note, the security of this technique interested me, and I found the following response on Quora from a purported Facebook developer about how their CDN considers direct URLs:

Peter Ruibal, Software Engineer, Facebook CDN

Thanks for asking this question.  Our whitehat queue gets so many questions that sometimes we don't explain in enough detail.  Hopefully this discussion can help serve as an FAQ.

Those additional portions of the image url you mention *are* the authentication for the image.  They don't authenticate you but instead authenticate that the url was originally served from Facebook where it was subject to privacy checks.  Privacy checks on Facebook only serve the full image url to people you've specified. Essentially, the facebook.com portion of the site uses an Access control list security model while the CDN portion of the site uses a Capability-based security model.  Once your friends have the photo, they can save a copy of the photo itself and share that or share the full image url with others -- the two are equivalent for most purposes.  I trust my friends to do reasonable things.

You're right that sometimes one of your friends might inadvertently leak the photo fbid without leaking the full image url (e.g., forwarding the page (not image) url not realizing the recipient cannot see the photo).  Even with the photo fbid, you have to brute force the remaining portion of the url.  That remaining portion has 2**45 combinations that needs to be guessed correctly (that's 35,184,372,088,832 possible values).  In the far more common case where someone hasn't leaked the photo fbid, there's many, many more combinations (the photo fbid is a 64-bit number, but because it's not totally random, it adds less than 64 bits of randomness).  Also, we just finished a major data migration, so that third field will soon be 63 bits on new photos rather than 31.

Insecure networks and proxies are important but orthogonal to this question about CDN urls.  It's definitely worth verifying that you're using https to avoid insecure networks.  Most Facebook users are using https, but you can check your "Secure Browsing" settings at https://www.facebook.com/setting...

So why use Akamai or a CDN at all?  Why not just serve photos directly from Facebook's servers where they're stored?  CDN caches are installed in ISPs' networks close to you so the bandwidth stays local to your ISP and you get the content faster.  ISPs can't handle installing separate servers for every popular web site. Instead, they just work with a handful of well-known CDN providers -- and occasionally big companies building their own CDNs.

Frankly it still strikes me as a little crazy security-through-obscurity to never have images really private, even with all the native user management controls in place, but I begin to understand it.