Hi all,
i just installed Piwigo 7.1 and like it a lot, but i am concerned about this security issue: When i know a direct URL of a photo, i can watch/download it and the builtin user rights are overridden.
How to protect this? Is there a prepared .htaccess somewhere and where to put it?
Also i was wondering, why there are 3 folders with photos in it: _data, galleries and upload ? Can i put it into 1 photo directory only somehow?
And finally: Do i need to do something so that nobody can repeat the install.php?
Offline
Hello
please search before asking ; those has been answered many times before. for yourself you would get the answer directly and for us it's more time to improve Piwigo
deny for all, local config
temporary folder, ftp+synchro folder, other uploads folder
No ; nobody can redo the process
Offline
Sorry! - You are right and in the meantime i found this and it works for me:
http://piwigo.org/forum/viewtopic.php?p … 53#p155153
I just didn't have an idea what to search for. And i really think, that this local config file and the .htaccess should be shipped and installed during installation. It makes it safer.
And - maybe you have reasons like permissions that i dont know, but i would prefer to have this 3 folders under 1 root - nowi have to put .htaccess 3x - ok it's not a big issue, but it's morelikely so to forget one of the 3
Anyway - thanks for this really good web gallery!
Offline