Securing the albums directory

casilvr

Joined: 2002-10-28
Posts: 11

Posted: Sun, 2002-11-03 18:57

I would like to allow only certain people to see a couple of my albums. Is there any way to secure the albums directory? I know from within Gallery you can set up permissions and force a login however that doesn't stop someone from going directly to the /albums directory. I have tried chmod and protecting the directory but both cause Gallery to fail. One way that I thought may work is to protect the directory then have Gallery pass the directory password as an argument but I am not sure where to make those changes. Anyone have any ideas?

Gaile

Joined: 2002-07-20
Posts: 1301

Posted: Mon, 2002-11-04 06:38

Quote:

I would like to allow only certain people to see a couple of my albums. Is there any way to secure the albums directory?

Not the albums directory per se, but you can set the permissions for any of the albums you wish to only have viewed by certain people or groups, and no-one will see those albums even exist unless they are logged in under the names you have given viewing permission to.

Is that what you want to do? If that's the case, log in as admin and click on permissions for whatever album(s) you wish to password protect.

casilvr

Joined: 2002-10-28
Posts: 11

Posted: Mon, 2002-11-04 10:01

Thanks for the reply. The Admin permissions work fine if a user is inside gallery. What I want to prevent is someone bypassing gallery altogether and just going directly to the albums directory. i.e. http://www.domain.com/albums/. Right now if you do that on my domain, you see a listing of all the albums and photos within them. I checked out a few other domains that are using gallery to see if I could get to their album directory. I couldn't so now I am wondering if I set Gallery up wrong. Where should the albums directory reside? In the root at the same level as Gallery or as a subdirectory within Gallery?

BorgKing

Joined: 2002-09-12
Posts: 314

Posted: Mon, 2002-11-04 18:53

You should turn off the option to browse a directory! With that turned off users won't be able to browse your files. If they know the exact filename, they can still download the file, though, but in practice this is almost impossible.

Gaile

Joined: 2002-07-20
Posts: 1301

Posted: Mon, 2002-11-04 18:59

Hi again

My album directory is nested within my gallery directory - but I'm not sure that's your problem.

Most servers are configured so that directory browsing is not allowed, but since yours obviously isn't, try adding this line to the .htaccess (at the root level for your domain), and it will protect all of the directories you might not have index files in.

Here's what you add:

IndexIgnore */*

-------------------------

That should do the trick! :smile:

casilvr

Joined: 2002-10-28
Posts: 11

Posted: Tue, 2002-11-05 19:09

Quote:

Here's what you add:

IndexIgnore */*

That did the trick! Thank you! It still opens the index directory but you can't see the files. That's good enough!

Thanks again! :smile:

casilvr Joined: 2002-10-28 Posts: 11	Posted: Sun, 2002-11-03 18:57
	I would like to allow only certain people to see a couple of my albums. Is there any way to secure the albums directory? I know from within Gallery you can set up permissions and force a login however that doesn't stop someone from going directly to the /albums directory. I have tried chmod and protecting the directory but both cause Gallery to fail. One way that I thought may work is to protect the directory then have Gallery pass the directory password as an argument but I am not sure where to make those changes. Anyone have any ideas?
	XUser login Username: * Password: * Create new account Request new password
Gaile Joined: 2002-07-20 Posts: 1301	Posted: Mon, 2002-11-04 06:38
	Quote: I would like to allow only certain people to see a couple of my albums. Is there any way to secure the albums directory? Not the albums directory per se, but you can set the permissions for any of the albums you wish to only have viewed by certain people or groups, and no-one will see those albums even exist unless they are logged in under the names you have given viewing permission to. Is that what you want to do? If that's the case, log in as admin and click on permissions for whatever album(s) you wish to password protect.

casilvr Joined: 2002-10-28 Posts: 11	Posted: Mon, 2002-11-04 10:01
	Thanks for the reply. The Admin permissions work fine if a user is inside gallery. What I want to prevent is someone bypassing gallery altogether and just going directly to the albums directory. i.e. http://www.domain.com/albums/. Right now if you do that on my domain, you see a listing of all the albums and photos within them. I checked out a few other domains that are using gallery to see if I could get to their album directory. I couldn't so now I am wondering if I set Gallery up wrong. Where should the albums directory reside? In the root at the same level as Gallery or as a subdirectory within Gallery?

BorgKing Joined: 2002-09-12 Posts: 314	Posted: Mon, 2002-11-04 18:53
	You should turn off the option to browse a directory! With that turned off users won't be able to browse your files. If they know the exact filename, they can still download the file, though, but in practice this is almost impossible.

Gaile Joined: 2002-07-20 Posts: 1301	Posted: Mon, 2002-11-04 18:59
	Hi again My album directory is nested within my gallery directory - but I'm not sure that's your problem. Most servers are configured so that directory browsing is not allowed, but since yours obviously isn't, try adding this line to the .htaccess (at the root level for your domain), and it will protect all of the directories you might not have index files in. Here's what you add: IndexIgnore / ------------------------- That should do the trick! :smile:

casilvr Joined: 2002-10-28 Posts: 11	Posted: Tue, 2002-11-05 19:09
	Quote: Here's what you add: IndexIgnore / That did the trick! Thank you! It still opens the index directory but you can't see the files. That's good enough! Thanks again! :smile:

Securing the albums directory

XUser login