Good evening,
Question: I am using the myAlbum-p module and have a few private family pictures in there that I want to protect. So I make the album module only viewable by family members. So far so good. Now, when I point my browser to the directory and the filename of the image file it displays on the screen regardles wether or not they are logged on. I disabled directory browsing on my webserver so that makes it a little bit more secure. I even tried to .htaccess protect the directory where the images were stored, but the problem then is that the system asks for a password when displaying the photos, even if the user is logged into xoops.

Is there any way I can protect the image files without it affecting xoops? My photo album is eventually not the only module I want to protect from outside interference. The predictability of the filenames in the myAlbum-p module is alarming also. It creates the images with numeric names starting at 1 and increasing by one for every image. So if you know the upload directory it's ridiculously easy to download all the images. Any ideas what I could do?

One thing I thought about was perhaps moving the photos to a blob field in the MySQL database instead of physically storing them on the disk, but I don't know how do go about doing that or if it's even feasible taking into account database size and speed of access.

Elevator.

hi encasa.

A solution is like this:

- Clone myAlbum-P as myalbum0/, myalbum1/ etc.
- Make a directory in uploads/ whose name is unexpected from others. (777)
- Set the directory's name into preferences of cloned myAlbum-P.
- Set to deny accessing the cloned modules from others in groups admin.

Of course, once the name of the directory is known by others, all photos are downloaded by him.
But, nobody knows the name, if you set Options -Indexes.