InfoReviews

ims galleries file permissions?

HomeSupportImage Storeims galleries file permissions?

Tagged: 

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • February 25, 2014 at 12:09 pm #56977
    jcharris
    Participant

    Hi,

    Having a problem with file/directory permissions.

    It seems that if I create a new gallery, anyone can simply point their browser to:

    mysite.com/wp-content/ims_galleries/gallery-123/thefilename.jpg

    …and open/view/download the original file.

    All they would need to know is the fully qualified path to the file name.

    I understand most casual people wouldn’t know this, but is there a way to make the ims_galleries folders a bit more secure… hopefully completely unviewable to the public outside image-store?

    I tried simply changing the permissions for individual files but had no luck.

    Please advise asap.

    February 26, 2014 at 10:51 pm #56997
    Xpark Media
    Keymaster

    @jcharris,

    to make your sites more secure we suggest to modify the galley path in settings > Gallery > “Gallery folder path”. That way only you know where your images are located.

    The plugin is designed not to display the image path to the user. If you want to add additional security you can try to add a .htaccess file in your gallery directory with this code. Note that we did not test the code.

    <Limit GET POST PUT DELETE> 
order deny,allow 
deny from all 
</Limit>
    March 3, 2014 at 12:23 pm #57017
    jcharris
    Participant

    OK, but can you give me the proper Group and File permissions for the image gallery and it’s subdirs?

    I ask because the Scan tab of your gallery uploader was not working until our hosting company changed the Owner of the ims_gallery folder from the Apache account to -my- account.

    So I was able to upload galleries one at a time through your upload tab but NOT have them Scanned into the gallery if they were already on the server.

    When they changed the Owner to my account, I think this made the ims_gallery contents ‘public’ in some way.

    So: I need to know the proper Owner/Group -and- Permissions to prevent this in the future—we have HUNDREDS of galleries to upload.

    If this is somehow ‘private’ can you e-mail me?

    TIA,

    —JC

    March 4, 2014 at 12:55 am #57022
    Xpark Media
    Keymaster

    Each server has different permissions needs and you will need to work with your hosting company.

    To be able to scan and upload images the php script (user) needs read and write access.

    We don’t know if your user is part of the group or you are the owner of that directory only your hosting company or you will know.

    To avoid http access please follow the recommendations on the previous post.

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.