Announcement

  •  » Extensions
  •  » Problem with watermark tool.

#1 2013-01-31 19:05:50

c.urrutia
Member
2013-01-31
2

Problem with watermark tool.

Hello, this is my first time here.
I've realized that there's a weak point using watermark tool. There's a way to obtain the original file without the watermark.

The way to obtain the original file is to get de dynamic image url:

/domain.com/i.php?/upload/2013/01/28/20130131000001-66b88f69-me.jpg

and then, you can get the original file url by just deleting two things.

/domain.com/i.php?/upload/2013/01/28/20130131000001-66b88f69-me.jpg
/domain.com/upload/2013/01/28/20130131000001-66b88f69.jpg

By my point of view this is kind of a bug...

Last edited by c.urrutia (2013-01-31 19:06:37)

Offline

 

#2 2013-02-01 01:02:12

pewe
Member
2012-03-16
439

Re: Problem with watermark tool.

To stop this, the upload and galleries directories (where the original images are stored) need protecting to stop direct access.

Offline

 

#3 2013-02-01 04:38:44

c.urrutia
Member
2013-01-31
2

Re: Problem with watermark tool.

pewe wrote:

To stop this, the upload and galleries directories (where the original images are stored) need protecting to stop direct access.

You are right! =)
.htaccess correct this problem, but maybe for unexperienced users that's a difficult solution.
Thanks for your support! =)

I share the way to solve this...

First of all, you need ftp access to your server, then you need to create a users dot-file (to make it hide from the internet) like .htpasswd and a second file named .htaccess (into the folder that you need to protect)

You can fill your users & passwords file (.htpasswd) using this generator: www.htaccesstools.com/htpasswd-generator/

and then, you can copy this into your .htaccess file:

Code:

AuthType Basic
AuthName "Restricted Area"
AuthUserFile .htpasswd
AuthGroupFile /dev/null 
Require valid-user
Order allow,deny
Satisfy any

Last edited by c.urrutia (2013-02-01 04:39:54)

Offline

 

#4 2013-02-01 11:57:05

flop25
Piwigo Team
2006-07-06
7037

Re: Problem with watermark tool.

Hmm much simpler
Deny From All
in the  .htaccess
Since you put a watermark and non one is allowed to see the original that's the best way


To get a better help : Politeness like Hello-A link-Your past actions precisely described
Check my extensions : more than 30 available
who I am and what I do : http://fr.gravatar.com/flop25
My gallery : an illustration of how to integrate Piwigo in your website

Offline

 

#5 2013-02-02 18:45:32

pewe
Member
2012-03-16
439

Re: Problem with watermark tool.

c.urrutia wrote:

pewe wrote:

To stop this, the upload and galleries directories (where the original images are stored) need protecting to stop direct access.

I share the way to solve this...

If you - or anyone else - is interested I have a script which can be installed on a server and it allows Admin to specify any directory on the server (using an explorer type interface) and add an .htaccess file to it, then allows admin to addd/elete users to any protected directory by creating/adding/updating an .htpassword file for the directory.

If interested, send me a PM.

Offline

 
  •  » Extensions
  •  » Problem with watermark tool.

Board footer

Powered by FluxBB

github twitter newsletter Donate Piwigo.org © 2002-2024 · Contact