Good evening,
Question: I am using the myAlbum-p module and have a few private family pictures in there that I want to protect. So I make the album module only viewable by family members. So far so good. Now, when I point my browser to the directory and the filename of the image file it displays on the screen regardles wether or not they are logged on. I disabled directory browsing on my webserver so that makes it a little bit more secure. I even tried to .htaccess protect the directory where the images were stored, but the problem then is that the system asks for a password when displaying the photos, even if the user is logged into xoops.

Is there any way I can protect the image files without it affecting xoops? My photo album is eventually not the only module I want to protect from outside interference. The predictability of the filenames in the myAlbum-p module is alarming also. It creates the images with numeric names starting at 1 and increasing by one for every image. So if you know the upload directory it's ridiculously easy to download all the images. Any ideas what I could do?

One thing I thought about was perhaps moving the photos to a blob field in the MySQL database instead of physically storing them on the disk, but I don't know how do go about doing that or if it's even feasible taking into account database size and speed of access.

Elevator.