
X3 Photo Gallery Support Forums

Cavey
Posts: 5
Joined: 03 May 2010, 11:41

10 May 2010, 13:02

No problem, except, "Sod's Law", the URL is down at present, and I don't know if it's temporary or permanent. I had a quick search and found this one, which is one of the more user-friendly tutorials.

http://www.besthostratings.com/articles ... ction.html

Cheers,

Cavey
 
Nick
Imagevue Hitman
Posts: 2872
Joined: 02 May 2006, 09:13

12 May 2010, 02:45

Do you have any 'inconveniences' browsing a password-protected folder from Imagevue Admin? I am asking because we tried that too, and the same password prompt pops up in Admin too.
firedev.com
 
Cavey
Posts: 5
Joined: 03 May 2010, 11:41

20 May 2010, 13:22

Hi Nick,

Sorry for the late reply, been away... You're absolutely right, this is an "inconvenience" and does come up when logged into the admin panel. Naturally this happens when you access a folder which has an .htaccess file at that level. It obviously doesn't care from which angle you plan to access the file/folder...

I have also taken the opportunity to do some research, and probably the best way to tackle the "frontend/public" security is also through a PHP (HTTP authentication) script. This would cater for customers of most platforms or web hosts, including those customers hosting themselves via IIS/Windows. I would even go as far as to say use PHP with MySQL databases. That way you have so much more flexibility and security. However, I do believe this isn't an avenue you really want your product to take (bearing in mind the knowledge your average customer would need to set up MySQL databases). This may put customers off purchasing your product.

If the former is the case, I would recommend looking at the option of putting the bulk of your product files outside the public_html/www and having the successful PHP authentication redirect to these files. That way the public can't see them without credentials... You could have 2 PHP login scripts.... One to the admin GUI (already present), the other to the public side (so to speak). Also, based on your public login, it would determine what frontend folder level that individual could see....

The only problem with the last paragraph is providing a single solution for those customers who couldn't care about frontend viewing restrictions, as well as myself and others who want such a feature....

I hope this post helps to a certain degree.

Cheers,

Cavey
 
Nick
Imagevue Hitman
Posts: 2872
Joined: 02 May 2006, 09:13

27 May 2010, 03:15

So in the end we need passwords one way or another. How can we do that?
1. .htaccess
2. PHP wrappers
3. Database
4. Something simple like not returning the file listing till you get the password right

Let's take a closer look at those methods:


1. .htaccess
Apache access-control

pro:
* True protection: if you don't have the password, you have no way to get to the images, even if you know their paths
cons:
* Works only with Apache (which is the most popular server anyway)
* Needs PHP wrappers anyway to work around 'inconveniences' in gallery and admin
* Gotta add some workaround to the Flash gallery to prevent multiple password popups if you didn't get the password right
* HTML gallery should use Ajax or some workarounds too

2. PHP wrappers
Access files through some getfile.php

pro:
* True protection, files can even be hidden by hashing their filenames
* Full control over what is being returned and how
* Can be integrated with thumbnail creation
cons:
* Wrappers increase server load; for popular galleries with many images on average hosting this might be a little bit too much. To partly alleviate this, wrappers can be used only in admin and protected folders.
* We had this system from like day one, and it even created thumbnails on-the-fly: just upload images and you're set. Unfortunately, people were complaining that their servers don't like it. Actually, big sites that can afford their own data centers, like Flickr or Google Picasa, do not use wrappers. The overhead is just too big.

3. Database
Now we're getting somewhere.

pro:
* True protection
* Works everywhere
* No overhead
cons:
* This might be the only point actually: Imagevue is an XML/file system based gallery. Like it or not. Moving to a database means having a separate product, some Imagevue3 if you want.
* And our users might not be in the mood for database stuff.

So is there actually a light at the end of the tunnel? Let's see...


4. Not return the file list till the user enters the right password
Works like this: when you click on a folder, it asks you for the password. If you didn't get it right, you just won't get the file listing from the server.

pro:
* Works everywhere: Windows, Linux, Mac, whatever
* Fully controlled user experience, no random popups
* No overhead. No wrappers to access the files, Control panel works fine
cons:
* Protection is almost true: you can get to files if you know their file names. But oh well... It's not Fort Knox, and you need to figure out filenames somehow.

So in the end I believe we need to go #4. It gives users everything they need without compromising security a lot.
firedev.com
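
An added example, not part of the thread and not Imagevue code: the `getfile.php` wrapper from option 2 combined with Cavey's suggestion of keeping the images outside public_html, so that knowing a file name (the gap Nick accepts in option 4) is not enough to fetch it. The storage path, the `f` query parameter and the `unlocked_folders` session key are assumptions made for the illustration.

```php
<?php
// getfile.php: added illustration, not Imagevue code.
// Assumed (hypothetical): images live in GALLERY_ROOT outside the web root, and
// the login script stores unlocked folder paths in $_SESSION['unlocked_folders'].
declare(strict_types=1);

const GALLERY_ROOT = '/home/example/gallery-data'; // placeholder path
const ALLOWED_TYPES = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
                       'png' => 'image/png', 'gif' => 'image/gif'];

function deny(int $status): void
{
    http_response_code($status);
    exit;
}

session_start();
$unlocked = $_SESSION['unlocked_folders'] ?? [];
session_write_close(); // release the session lock so parallel image requests are not serialized

$requested = $_GET['f'] ?? '';
if (!is_string($requested) || $requested === '' || strpos($requested, "\0") !== false) {
    deny(400);
}

// Resolve ".." and symlinks first, then require the result to sit under the
// gallery root. realpath() returns false for files that do not exist.
$root = realpath(GALLERY_ROOT);
$path = realpath(GALLERY_ROOT . '/' . $requested);
if ($root === false || $path === false || !is_file($path)
    || strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
    deny(404);
}

// Authorize every request against the folder that holds the file.
$folder = ltrim(substr(dirname($path), strlen($root)), DIRECTORY_SEPARATOR);
if (!is_array($unlocked) || !in_array($folder, $unlocked, true)) {
    deny(403);
}

$ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
if (!array_key_exists($ext, ALLOWED_TYPES)) {
    deny(404);
}

header('Content-Type: ' . ALLOWED_TYPES[$ext]);
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

Folder matching here is exact, so unlocking a parent folder does not unlock its subfolders; every image request still passes through PHP, which is the server load Nick lists as the cost of wrappers.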