I am a photographer/engineer/programmer and I am using Piwigo as a proofing software. After a photo shoot I create a new user for my client, create a new private album, give them permission to only their albums, and upload their photos to their album.
This works great! They can log in and only see their albums/photos.
I do some boudoir/nude photography and so keeping these images secure is important to me (and the client). I understand there are risks that people can get the passwords and get into the albums, etc... Nothing online is completely secure. I understand...
The one thing that concerns me is that the image files themselves are not protected in any way. While the album is private, the actual JPG files are public. So if I posted the URL to a image that is in a private gallery, you all could see it with no problem.
Is there a way to prevent access to the JPG files themselves unless the user is logged in and has permissions to see the specific file?
I am thinking the URL to the photos should be a PHP script that checks permissions and serves up the binary data from the file if the user is logged in, or a dummy file if not.
Does something like this already exist? Or am I going to have to start coding? :)
Thank you,
Jared
This topic comes up regularly on the Forum.
If you do some searches you will find various topics about it, but in the end it comes down to how 'secure' you want your photos to be versus the effort you want to put your clients to.
Here is a link to some work I did on this a while ago
http://piwigo.remotetutorials.com/
Go to the 'About Albums=>Album Protection' link.
Hope that helps.
Offline
pewe wrote:
If you do some searches you will find various topics about it, but in the end it comes down to how 'secure' you want your photos to be versus the effort you want to put your clients to.
+1
Offline
Thanks Pewe!