Chris F-2 wrote:
> Just an idea for this. Can a random string or something unique to the server
> for that image be added to this URL.
>
> That way the full image URL can be passed to a certain function, however a
> users/system cannot "guess" any other URLs of other images.
>
> The only way you can subvert the full permission of an image is by knowing
> basically the URL plus the 'key' to that individual image.
>
> So the url would be something similar to:
>
>
http://example.com/gallery3/print_photo/35/12390239bbf32f>
> And the random keys would not be sequential or guessable.
Are you suggesting a shared-secret solution? That only works if you
share a secret with Digibug such that only your Gallery3 and Digibug
have a copy of the secret. Currently, Digibug doesn't offer that type
of solution. Each Gallery 3 install has its own unique key we could use
for this purpose, but Digibug would have to implement something on their
sude to support it.
------------------------------------------------------------------------------
__[ g a l l e r y - d e v e l ]_________________________
[ list info/archive -->
http://gallery.sf.net/lists.php ]
[ gallery info/FAQ/download -->
http://gallery.sf.net ]
