
Security proposition

Posted: 16 Jan 2009, 12:06
by zocha
Hi,

Would it be possible to automatically put an .htaccess file in JPATH_ROOT/images/phocagallery with code like:

# Note: Having a .htaccess prevents users from directly
# accessing the files in your PhocaGallery folders

deny from all

along with an "empty" index.html (Joomla standard) and another .htaccess with code like:

allow from all

within each thumbs folder? Then it would be harder to grab the original images from the page. Now it's very easy to get them.

Łukasz

Re: Security proposition

Posted: 17 Jan 2009, 02:10
by Jan
Hi, I think the protection should be added by users. I think it depends on the users whether they use this protection or not ... (it is not a problem to create such files automatically, but what if a user gets problems because of .htaccess files :-( on some servers?) What happens if a user has a direct link to the original image (download link) and has there: deny from all ...

???

Jan

Re: Security proposition

Posted: 19 Jan 2009, 13:24
by zocha
Hi,

I agree with you. Sometimes it could be a problem. So could it be an option, e.g. turned off by default, but described as a security improvement that's not for everybody? Or turned on, but when turned off it would delete all added files. I know it's simpler for me (as far as I know what .htaccess is for) than for many other users...

Best regards,
Łukasz

Re: Security proposition

Posted: 20 Jan 2009, 01:55
by Jan
Hi, I have added it to a feature request list (some procedure needs to be found: how to e.g. find all .htaccess files and delete them if needed, how to add them to all folders and subfolders ...)

Jan

Re: Security proposition

Posted: 21 Jan 2009, 00:48
by zocha
Hi,

I've used the system find command, but this probably won't work on all systems. :(
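
Editor's added example (not code from this thread or from Phoca Gallery): a find-based way to add the two kinds of .htaccess files discussed above and to remove only those files again. The marker comment, the function names and the folder name "thumbs" are assumptions; the Require lines are the Apache 2.4 form of the thread's "deny from all" / "allow from all".

```shell
#!/bin/sh
# Hypothetical marker line: lets removal tell our files from the site owner's.
MARKER='# managed-by: gallery-htaccess-example'

write_rule() {  # $1 = directory, $2 = denied | granted
    f="$1/.htaccess"
    # Never overwrite an .htaccess this script did not create.
    if [ -e "$f" ] && ! grep -qF -- "$MARKER" "$f"; then
        echo "skip (not ours): $f" >&2
        return 0
    fi
    if [ "$2" = denied ]; then old='Deny from all'; else old='Allow from all'; fi
    # Apache 2.4 uses Require; the thread's 2.2-style directive is the fallback.
    cat > "$f" <<EOF
$MARKER
<IfModule mod_authz_core.c>
    Require all $2
</IfModule>
<IfModule !mod_authz_core.c>
    $old
</IfModule>
EOF
}

protect_gallery() {  # $1 = gallery root, e.g. JPATH_ROOT/images/phocagallery
    [ -d "$1" ] || return 1
    write_rule "$1" denied              # originals: no direct access
    find "$1" -type d -name thumbs | while IFS= read -r d; do
        write_rule "$d" granted         # thumbnails stay reachable
    done
}

unprotect_gallery() {  # delete only files carrying the marker
    [ -d "$1" ] || return 1
    find "$1" -type f -name .htaccess | while IFS= read -r f; do
        if grep -qF -- "$MARKER" "$f"; then rm -f -- "$f"; fi
    done
}
```

The files only take effect where the server's AllowOverride setting permits .htaccess access rules, and direct download links to originals under the protected root will return 403, which is the problem raised earlier in the thread.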

Re: Security proposition

Posted: 22 Jan 2009, 00:19
by Jan
:(