i tried to block direct access with htaccess but its still not working.
We need to have direct image access blocked so its more secure. ill be using my system to manage sensitive images and would like to insure there security

if i navigate to an image and right click on that image and open in new tab i can see the link and the image.
https://<sitename>/upload/<year>/<month>/<day>/<image name>
this is a security flaw.
i need this to be more random and not accessible outside the application.
meaning if i create a script to make random names i can see all the images in the site and know when there uploaded. NOT GOOD.

when i block it with htaccess it disables me on the site also.

im no expert but maybe something like this?
https://stackoverflow.com/questions/399 … -to-images

Last edited by bluebrad (2022-11-01 19:36:46)

what im looking at is making the system secure to only logged in users.
This way it will protect against robot extractions. or the illegal shares of images.
i feel this should be apart of the system by default.

i have replayed to this on GITHUB [Github] Piwigo issue #1349

allowing the URL to be open to scraping allows any images marked for login access still available to attack.

erAck wrote:

bluebrad wrote:

ill be using my system to manage sensitive images and would like to insure there security [...] i need this to be more random and not accessible outside the application.Then Piwigo is not the right system for you.