[pmwiki-users] Securing images

Lindsay Todd toddr at rpi.edu
Fri Jan 12 17:21:51 CST 2007


kirpi at kirpi.it wrote:
>> Neil:
>> That seems to work really well (better than I expected!!) and it is as
>> safe as any other Apache BA protected page.
>>
>> Not sure about the upload question. I'd like to know the answer myself!
>>     
>
> Yes, Neil, that's the key point, the one I'm stuck at since a while:
> this solution, though technically working (images *are* protected),
> does not integrate with pmwiki (upload) handling...
>
> Unless...
>
> Unless what?
> Does anybody has an idea, please?
>
>   
How about configuring pmwiki so that each group, or even each page, had 
its own subdirectory within the upload folder?  Then those could be 
protected using HTTP authentication.

Something I've not tried would be to set $EnableDirectDownload=0 in 
config.php, but if I understand that correctly, it would cause pmwiki's 
normal authentication settings to be used to control access to uploads.  
Possibly this could be set only for a group or page?  You would still 
need to be sure that HTTP doesn't have direct access to the upload 
folder (or group within the folder).

/Lindsay

-- 
R. Lindsay Todd                      email: toddr at rpi.edu
Senior Systems Programmer            phone: 518-276-2605
Rensselaer Polytechnic Institute     fax:   518-276-2809
Troy, NY 12180-3590                  WWW:   http://www.rpi.edu/~toddr

The views, opinions, and judgments expressed in this message are
solely those of the author. The message contents have not been
reviewed or approved by Rensselaer.





More information about the pmwiki-users mailing list