« Return to Thread: Re: State of Digibug module

Re: State of Digibug module

by Chris F-2 :: Rate this Message:

Ah sorry, i thought this URL was passed behind the scenes and not public.

Scratch that idea then sorry.

Bharat Mediratta wrote:

Chris F-2 wrote:
> key = md5(imageid + galleryuniqueid)
...
> That means the url will be:
>
> http://example.com/gallery3/print_photo/35/12390239bbf32f
> http://example.com/gallery3/print_photo/36/534313901bfb1
> http://example.com/gallery3/print_photo/37/1239bab9321vb
...

I see. The problem is that the "print" button has to provide a link to
this url, so each of these urls will be on display. This means that
while I can't just put in arbitrary ids to grab your full size images, I
can just write a crawler to find these urls and then escalate each of
them into a full size url. The end result is the same, as far as I can
tell-- I'll be able to circumvent permissions and grab your full size
images.

-Bharat

------------------------------------------------------------------------------
__[ g a l l e r y - d e v e l ]_________________________

[ list info/archive --> http://gallery.sf.net/lists.php ]
[ gallery info/FAQ/download --> http://gallery.sf.net ]

« Return to Thread: Re: State of Digibug module