Announcement

#1 2020-11-18 06:13:23

boog85
Member
2020-11-18
3

How to prevent access to photos without logging in

Hey Piwigo Community,

I am 2 days into trying out Piwigo and I really like it. Recently Google Photos announced in June 2021 they will stop allowing for free hosting of high quality images with unlimited storage. So I began my search for my alternative and landed on Piwigo thus far.

So far everything has been great. I am now trying to better understand the best way to lock down the environment. I've added tools to help protect/monitor the server itself, but now I am looking to a guide/advice/information about locking down Piwigo itself. I followed the tours and that was very helpful. My biggest question/concern right now how to prevent someone from just guessing URL and having the image be served.

As an example, I can just hit this URL (i've generalized it a bit) in any browser without being prompted for any type of login in.
https://memories.mydomain.com:2113/i.ph … 011-xx.jpg

I have a symlink (vault/2007/....) to a mounted NAS and have been synchronizing the albums in. Do I just have my nginx config too loose or is there something more piwigo can do?

I searched a bit and found this plugin (https://github.com/yonjah/piwigo_privacy), but step one is modifying a file "local/config/config.inc.php" which I do not have in my piwigo install, so I wasn't sure if it is still current.

Anyways, love the product thus far, just looking for a guide/advice/help how to lock it down a bit more.

Last edited by boog85 (2020-11-18 06:14:19)

Offline

 

#2 2020-11-18 18:15:24

piwent
Member
2020-10-24
94

Re: How to prevent access to photos without logging in

Welcome to Piwigo!

I believe you need to use the "LocalFiles Editor" plugin to modify that config file. When you get to the right place, you'll see the message:

Code:

/* The file does not exist until some information is entered 
below. Once information is entered and saved, the file will be created. */

I don't think you need a plugin to do what you want. In that Local Files Editor, just add

Code:

$conf['guest_access'] = false;

and it should require logging in to see any files.

I also believe that hotlinking is not possible as the file names are hashed. But I don't know if that is true for files added the way you have done (it is for me but I only use the web uploader).

Hopefully someone more knowledgeable than I am can help you out. It's not a high volume forum, but eventually you will get an answer.

Offline

 

#3 2020-11-18 19:48:50

Crythes
Member
2020-01-23
85

Re: How to prevent access to photos without logging in

I also believe that hotlinking is not possible as the file names are hashed.

I don't think so. You can right click on an image, select copy image address and paste it into you browser and it opens just fine.

Offline

 

#4 2020-11-19 01:55:31

piwent
Member
2020-10-24
94

Re: How to prevent access to photos without logging in

Crythes wrote:

I don't think so. You can right click on an image, select copy image address and paste it into you browser and it opens just fine.

Sorry. You are correct. It seems the file names are hashed, but you can indeed just save the link.

Offline

 

#5 2020-11-19 05:53:48

boog85
Member
2020-11-18
3

Re: How to prevent access to photos without logging in

Thanks for following up.

I did try out your suggestion, and it didn't quite do what I wanted. The good news is, I learned where that local file is, which enabled me to try out the plugin I linked in the original post.

So after enabling the plugin, I noticed when I right click on an image in the gallery, the new link looks different than the old link.

new:
memories.mydomain.com:2113/plugins/piwigo_privacy/get.php?img_id=3368&file=_data/i/vault/2007/2007/BabyConnor/00011-xx.jpg

old:
memories.mydomain.com:2113/i.php?/vault/2007/2007/BabyConnor/00011-xx.jpg

So then following the next steps of updating my nginx config. Now the old link stops working, and the new link does indeed require authentication.

So I think for me, this accomplished what I set off to do.

Last edited by boog85 (2020-11-19 05:54:30)

Offline

 

#6 2020-11-19 13:03:14

erAck
Only trying to help
2015-09-06
1504

Re: How to prevent access to photos without logging in

Might be worth to try if also

memories.mydomain.com:2113/_data/i/vault/2007/2007/BabyConnor/00011-xx.jpg

doesn't load (or whatever path the image is actually stored).

However, Piwigo is a gallery to *publish* pictures, not to lock them away behind a barb wired wall. If you can't trust even your users who do have login credentials to not pass on an image deep link, then why would you trust them to not pass on the login credentials?


Running Piwigo at https://erack.net/gallery/

Offline

 

#7 2020-11-19 23:47:01

boog85
Member
2020-11-18
3

Re: How to prevent access to photos without logging in

I checked the mentioned URL and it is not displaying anything, so thanks for helping me lock it down. For me, hosting Piwigo is my answer to no longer using Google Photos. After they announced that June 2021 change about free storage, I needed to find a replacement.

I have 2 users (my wife and I) and I mostly wanted to make sure I wasn't leaving the site too open. Thus far its looking like a very workable solution.

If I can figure out how to automate the synchronization process, then I think I have exactly what I need. I see there is some batch functionality, I am going to explore that next.

Thanks all for the thoughts.

Offline

 

#8 2021-01-28 11:22:26

hbo;
Member
2021-01-28
1

Re: How to prevent access to photos without logging in

Hello everyone,

I'd like to follow up on this, just because there are some points I do not completely understand. I alerady read a lot about the settings, to secure a Piwigo installation and i.php issue.

What I did so far:

- install and setting up Piwigo; setup users, store some photos
- in local conf I've set:

Code:

$conf['guest_access'] = false;
$conf['original_url_protection'] = 'all';
$conf['derivative_url_style'] = 2;

- deny access to /upload and /data/i/upload folders via .htaccess

So everything is up and working fine. Nevertheless individual pictures are accessable by everyone who knows the direct link served by i.php like it was mentioned before in several places.

First, I'm not able to say, what's the risk with that!? There was talked about "(un)guessable URLs", but storage is following a strict pattern. So I think that might be not that hard. Further consideration is, if search engines, spiders, crawlers or bots might grab the images just by trying out all URLs??

Can someone put a spotlight on the risk and chances of the i.php for me?
Maybe somebody from the team might also explain the decision to go that way for i.php!? Actually I don't understand why Piwigo have Login, User Roles, Groups and Permissions while they can be bypassed that easy way (or not that easy depending on answers to above)?
Would it be that hard to implement authentication in i.php like all other scripts seems to have? Is there a technical reason?

Regarding piwigo_privacy plugin: I also tried this, but had some struggle to get adavnced mode running. Then I recognized that Piwigo Android App doesn't wotk with the plugin. So I removed it.

I'm lookong forward to some answers.

Thanks in advance,

hbo;

Last edited by hbo; (2021-01-28 11:25:58)

Offline

 

Board footer

Powered by FluxBB

github twitter newsletter Donate Piwigo.org © 2002-2022 · Contact