View Documentation
|
||
Mask URLs: |
||
This plugin adds the ability to mask or hide the actual file location of your pictures...
Normally the delivered html contains <img> tags that can be read to find your photo locations and directory structure.
As the photos are delivered via <img> tags, http access must be provided to the album folder (and subfolders).
This allows curious (or malicious) users an easy opportunity to find your pictures and download them.
But what if the delivered html looked like this: <img src="index.php?file=maskurl/displayimage&photokey=8dOgllfG1PqJQwj0%2BNuSOMuDNKC%2B14ABd6Rfn7nhZNXVaB9bn0V1IOUTZ%2FGw" ...> Since the path to the albums directory is configurable (doesn't have to be 'albums/') and of course you can have any subfolder structure you want... the task of locating your pictures files is made harder... to near impossible (based on your choices configuring the plugin).
Options to 'mask' or 'encrypt' the path to photos are offered.
These options appear to have similar results - but the algorithm used has quite different results.
The masking can be decoded by anyone that can read/understand the PHP being used (access to this plugin's source).
The encryption requires encryption keys and initialization vectors that would require access to specific fields in your Coppermine database
in addition to the PHP code to be able to reverse. The encryption option will use more CPU resources - but provides better protection.
An additional benefit if masking/encrypting is that http access to the albums directory is no longer required... All CPG functions generating the picture
URL drive this plugin, and all will be changed. As a result, a .htaccess file can be placed in the albums directory denying all access - providing additonal
protecting for your photos. A sample .htaccess file is included in the plugin directory - named .htaccess.txt - this needs to be copied to the albums directory
and named .htaccess if you wish to use it. All filetypes permitted by CPG are supported (based on the contents of cpg15x_filetypes table). Proper additions to that table will be automatically recognized by the plugin and supported. The 'mime' type must be correctly specified in that table! |
||
Installation: |
||
Unzip the distribution files and upload the contents (including folder maskurl) to your plugins directory.
In admin mode, select Plugin Manager, and click install next to this plugin.
|
||
Uninstall: |
||
Select Plugin Manager, and click uninstall next to this plugin. The normal plugin manager confirmation will be displayed - Click 'OK' to uninstall. |
||
Configuration: |
||
Select configure on this plugin from Plugin Manager. Select appropriate check boxes, based on preferences. Setting Descriptions:
As part of validation, the plugin will verify encryption functions are available, and the requested encryption algorithm and mode is
installed. The plugin will install in any event, but selection of 'Encrypt URL' will not be available. Additional messages will
indicate the error - and provide the requested algorithm and mode, and those available in your installation. |
||
Execution: |
||
Plugin will be invoked (assuming Plugin API is active) anytime a picture url is generated by CPG. You can see the effect of this plugin at http://gallery.gmcdesign.com running with a variation of this plugin set to encrypt urls and the .htaccess protection in place. |
||
|
||
Your comments are welcome. I hope you find this useful. Greg (gmc on the CPG forum) |