Announcement

  •  » Engine
  •  » original protection

#16 2013-08-19 16:53:36

flop25
Piwigo Team
2006-07-06
7037

Re: original protection

hi

http://piwigo.org/releases/2.5.0#protection

GOPIWI wrote:

is this FAQ entry still relevant then? I see no mention of $conf['original_url_protection'] there, so how does this relate?

as it's written it's about the hot-linking and the 2.4 update


To get a better help : Politeness like Hello-A link-Your past actions precisely described
Check my extensions : more than 30 available
who I am and what I do : http://fr.gravatar.com/flop25
My gallery : an illustration of how to integrate Piwigo in your website

Offline

 

#17 2013-08-19 17:50:22

GOPIWI
Member
2013-08-19
27

Re: original protection

Hi,

flop25 wrote:

http://piwigo.org/releases/2.5.0#protection

ah, ok, it´s hidden in the release notes, ok, thanks! Should go into the installation docs!

as it's written it's about the hot-linking and the 2.4 update

yes, as is written, right you are! The question was: how does this relate?

I guess, the information in this FAQ entry is obsolete for 2.5 then? If yes, this should be marked somehow. If not, ok, then the answer is "no relation at all".

We hit a wall here with the documentation concept: there is no clear differentiation between versions - but I will write this as a request to a separate thread to keep on topic here.

Thanks for the hint and for your attention,
have a nice day,
John

Offline

 

#18 2013-08-19 17:59:41

flop25
Piwigo Team
2006-07-06
7037

Re: original protection

Hi
we recruit voluntaries for improving the English wiki, because unfortunately that's a bit too frenchy project ^^, so if you want


To get a better help : Politeness like Hello-A link-Your past actions precisely described
Check my extensions : more than 30 available
who I am and what I do : http://fr.gravatar.com/flop25
My gallery : an illustration of how to integrate Piwigo in your website

Offline

 

#19 2013-08-19 22:27:57

GOPIWI
Member
2013-08-19
27

Re: original protection

Hi,

bob (and others reading this), no reason to be shocked: if you have a private ONLY gallery, you could still use http authentication to protect your whole gallery, see e.g. here

Have a nice day,
John

Offline

 

#20 2013-08-19 23:17:21

GOPIWI
Member
2013-08-19
27

Re: original protection

Hi,

I just learned that piwigo supports http authentication - just use 

Code:

$conf['apache_authentication'] = true;

in your config.

Please read on here:

http://piwigo.org/forum/viewtopic.php?p … 02#p145502

Have a nice day,
John

Offline

 

#21 2013-11-06 14:04:27

BrightEyesDavid
Member
Cologne, Germany
2012-04-29
3

Re: original protection

I'm using a fresh install of Piwigo 2.5.3. I've created 'local/config/config.inc.php', and inserted the following:

Code:

<?php
$conf['original_url_protection'] = 'all';
?>

However, when I inspect the HTML, the img tag src attributes are still pointing directly to the files ('_data/...') and not to 'action.php?'. I've also tried using 'images' instead of 'all'.

I've enabled the LocalFiles Editor, and it shows the above code when loading the admin page.

Is there anything special I need to do to get this change to take effect? Thanks for any guidance you can give.

Last edited by BrightEyesDavid (2013-11-06 14:09:57)

Offline

 

#22 2013-11-06 14:15:27

rvelices
Piwigo Team
2005-12-29
1960

Re: original protection

It protects only originals not generated sizes in data

Offline

 

#23 2013-11-06 14:24:20

BrightEyesDavid
Member
Cologne, Germany
2012-04-29
3

Re: original protection

Ah, I see. Thanks for clarifying that.

That's a shame. Assuming there's currently no way to have Piwigo use PHP-served images for generated sizes (allowing for all '_data/*' URLs to be blocked via the webserver, e.g. .htaccess), I see this as a major gap in basic security options. Are there plans to provide for this option?

Offline

 
  •  » Engine
  •  » original protection

Board footer

Powered by FluxBB

github twitter newsletter Donate Piwigo.org © 2002-2022 · Contact