Security proposition

[zocha]

Hi,

Would it be possible to put automatically an .htaccess file in JPATH_ROOT/images/phocagallery with code like:

Code: Select all

# Note: Having a .htaccess prevents users from directly
# accessing the files in your PhocaGallery folders

deny from all

alongside with "empty" index.html (Joomla standard) and another .htaccess with code like:

Code: Select all

allow from all

within each thumbs folder? Then it would be harder to grab the original images from the page. Now it's very easy to get them.

Łukasz

[Jan]

Hi, I think, the protection should be added by users. I think it depens on users if they will use this protection or not ... (it is not a problem to create such files automatically but what if user get problems becasue of .htaccess files on some servers ) what happens if user have direct link to original image (download link) and he will have there : deny from all ...

???

Jan

[zocha]

Hi,

I agree with you. Sometimes it could be a problem. So could it be an option e.g. turned off by default, but described as security improvement that's not for everybody? Or turned on but when turned off - it would delete all added files. I know it's simplier for me (as far as I know what .htaccess is for) than for many other users...

Best regards,
Łukasz

[Jan]

Hi, I have added it into a feature request list (some procedure need to be found - how to e.g. find all htaccess and delete them if needed, how to add them into all folder and subfolders ...)

Jan

[zocha]

Hi,

I've used system find command, but probably this wont work on all systems.

[Jan]