[pmwiki-users] Security of attachments
mike at widowitz.com
Wed Oct 4 12:45:13 CDT 2006
while most of my wiki is readable to the public, there are a few
selected pages to which only selected people with the right password
should have access. On these pages, I want to show pictures, which of
course are just as sensitive and should not be visible to people without
The problem is that both approaches I tried are not secure:
* If the image is a PmWiki attachment, then this means that it resides
in the PmWiki directory and can be viewed by anyone who knows the image
* If the image is outside the web tree and shown via a script like e.g.
phpThumb, then the user is free to call phpThumb himself to see the
image - again, he only has to know/guess the password and call phpThumb.
What would be a way around this?
More information about the pmwiki-users