Welcome to Geeklog, Anonymous Friday, December 27 2024 @ 06:39 am EST

Geeklog Forums

Media security


kyngchaos

Anonymous
Is there a script in Geeklog to securely serve media objects? If not, why not?

For something as basic as a story, access to a story is controlled by GL authentication, but any images in a story are still direct links to the image files, and these files' names are easily guessable, in a known location on the site tree.

Images in static pages are not controlled by GL at all, you just upload them into the images dir (or subdir thereof) and use direct links in the static page HTML.

We're starting to do some web design and Flash games for education, and want to provide private client access to work we're doing for them for testing. I can use random text for links, but obscurity is not good security.

Mediagallery is no good - it also uses direct links to media objects. And it really doesn't work for web pages, just the media itself.

I use Dokuwiki as a GL plugin, and it uses a _media.php for all access to page media, but the wiki is only used for internal purposes right now...
 Quote

Status: offline

suprsidr

Forum User
Full Member
Registered: 12/29/04
Posts: 555
Location:Champaign, Illinois
Gallery2 uses such access. And we have a bridge Smile - Sample

But in all truth if I can view it, I can copy/steal it.

-s
FlashYourWeb and Your Gallery with the E2 XML Media Player for Gallery2 - http://www.flashyourweb.com
 Quote

kyngchaos

Anonymous
For media viewing, yes. But no good for a media on a web page, or at least clunky if you can link to media from outside of Gallery2.

It still doesn't address the inherent issue in GL.
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
You can move Geeklog's images directory outside of your webroot. Then the getimage.php script will serve the images.

That still doesn't address your issue, but I think that's the way it could be done, i.e. getimage.php could be extended to learn about the permissions of the story the image belongs to. Something like that ...

This needs to be thought through properly. I'd suggest you file a feature request.

bye, Dirk
 Quote

Status: offline

suprsidr

Forum User
Full Member
Registered: 12/29/04
Posts: 555
Location:Champaign, Illinois
But no good for a media on a web page, or at least clunky if you can link to media from outside of Gallery2.

Images are stored in an "image firewall" outside your web root.
And including them in a story is as easy as Using the G2Image button in FCKeditor or autotags or mediaBlock.
Clunky?

-s
FlashYourWeb and Your Gallery with the E2 XML Media Player for Gallery2 - http://www.flashyourweb.com
 Quote

kyngchaos

Anonymous
Clunky?


Maybe I'm just being resistant to yet another plugin. But with a gallery of any kind that provides inline access to media, you have to manually maintain the same privileges between the gallery media and the page(s) you include them on.

 Quote

All times are EST. The time is now 06:39 am.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content