Open timpx opened 9 years ago
I solved this problem with my photo browser: https://github.com/djmattyg007/pictorials
It lets you store your photos outside of the web root, and implements an access layer on top to ensure direct access to image URLs is not possible.
ok thanks
Fun fact, Facebook as the same problem as PhotoShow with regards to this.
mmh, I would have expect facebook to be better than PhotoShow on this, according to their budget. But it's probably a feature, not a bug, knowing facebook love for privacy :)
Hi there, I'm not sure if this a problem with photoshow or my server configuration, but let's try. Let say I have a photo "b.JPG" in a private directory "a", even if not logged in I can access the photo via the url "https://photoshow_website/?f=a%2Fb.JPG". I have put the Photos directory in /var/www/ with www-data as owner of the directory (apache/debian) Any ideas how to avoid this unauthorized access via url?