Adult Script Pro Community Forums

Create, help and share your ideas with the community!

You are not logged in.

#1 2017-05-15 01:18:07

franz
Member
Registered: 2014-07-09
Posts: 29

[SECURITY] Privately marked photo album, photos can still be viewed

if a photo album is marked private, users can still access its contents by guessing its number name files at domain.com/media/photos/12345.jpg

you can easily actually guess its number by comparing the photo number name of the recent public photos located before or after it

I suggest that the photos be named in a random generated text, same goes for the videos

Offline

#2 2017-05-15 14:45:55

symtab
Administrator
Registered: 2010-08-23
Posts: 7,431
Website

Re: [SECURITY] Privately marked photo album, photos can still be viewed

Yeah, this could be possible, but you can protect the files from the web server configuration. I cold however modify this for 3.x, although the photo stuff is already coded, i will try to modify it to use a hash for the photos.


Adult Scripts: Adult Script Pro - Adult Search Script
Adult Advertising/Traffic: Plug Rush - EXOClick - PopAds

Offline

#3 2017-05-15 19:00:25

franz
Member
Registered: 2014-07-09
Posts: 29

Re: [SECURITY] Privately marked photo album, photos can still be viewed

it would be nice if you could also use hash for the video file names while your at it.. thanks

Offline

#4 2017-05-16 14:57:08

symtab
Administrator
Registered: 2010-08-23
Posts: 7,431
Website

Re: [SECURITY] Privately marked photo album, photos can still be viewed

The video files can be protected with a secure access configuration in the web server. The modification could be done (and its a good idea), but it would take me a lot of time. Once i finish 3.x, then while we are fixing bugs, i try to add this feature.


Adult Scripts: Adult Script Pro - Adult Search Script
Adult Advertising/Traffic: Plug Rush - EXOClick - PopAds

Offline

Board footer

Powered by FluxBB