Topic closed
Pages: 1
Hi community!,
Currently the original image can be protected by enabling
$conf['original_url_protection'] = 'images';
Derivative/resized images can still be accessed directly, even with original_url_protection enabled.
You don't have to be logged in to access derivative images.
I already created some (although not perfect) code to allow action.php to parse derivative images, see:
http://piwigo.org/forum/viewtopic.php?pid=152403
Coming from Gallery2, I really like to share photo albums with friends in a secure way.
I find it unacceptable to tell friends that my and their photo's can be accessed by anyone with a direct URL.
Having all images and non-images run thru action.php makes sure that someone needs to be logged in, before access is granted. To finish it I add "Deny from all" to .htaccess in /_data/i/galleries/ and /galleries/ and we have closed a security issue in Piwigo!
This feature will be much appreciated by certainly current/old Gallery2 users.
So, who is willing to pick this up? Or if you want to make it a joint effort: please help me out. I have little knowledge about Piwigo code, apart from fiddling with it the last days.
I appreciate your response!
Piwigo version: 2.6.3
Best regards,
Ben
Offline
Hi
I tried Gallery and it system protection: I found it very heavy in ressource consumption. That's certainly why the other giant of the internet doesn't do it, but they are not particulary concerned about privacy
I had issues also with intenpestive logout when using this mode...
That's why we randomized the file names when uploading; that's a compromize
Offline
Hi flop25,
Gallery2 has some performance issues, that's for sure!
Gallery2 is heavy indeed.
I'd love to fully migrate to Piwigo. I looked at Piwigo before when 2.4, and now again at 2.6.
Before 2.4 the derivatives were stored inside the original directories. That was certainly no good as my photo directory is read-only for Apache... Security reasons... With Piwigo 2.4+ that issue is solved.
I'm fully happy with Piwigo 2.6, except this last eeny-meeny last thingy: security with URL protection, only allowing logged in users to access files.
So far (with my adaptions) I have not noticed any big slow downs. Most certainly not the slowness of Gallery2!
I'll leave Gallery 2 for Piwigo when URL protection on all files is implemented, and I'm happy to help :)
Last edited by benhup (2014-06-27 17:15:14)
Offline
Seriously thank you for your enthiousiasm and your contributions
I suggest you open a ticket in our bugtracker and you post diff/patch files in order to allow us/anyone to apply your changes and so test more efficiently http://piwigo.org/bugs/my_view_page.php
Offline
You're welcome,
Issue reported via Bugtracker, as you requested:
http://piwigo.org/bugs/view.php?id=3096
I sent rvelices a private message. I'll await his response on how we can tackle this issue best.
Best regards,
Ben
Offline
Offline
Pages: 1
Topic closed