Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Prevent web visitor from catalog/images directory


dao

Recommended Posts

In the post installation instruction, it advices that catalog/images directory to be having permission 777. This allow any web visitor to gain direct access to the catalog/images directory. Is there anyway to prevent web visitor from gaining direct access to the directory?

Link to comment
Share on other sites

Yeah just set the CHMOD to 666 should work :)

hi, changing to 666 still allow the web surfer to get to the directory. For example, the user can type http://www.domain.com/catalog/images or http://www.domain.com/images (depends on the configuration) to see all the images in the directory. Anyway to prevent web surfer to get/see to the directory?

Link to comment
Share on other sites

hi, changing to 666 still allow the web surfer to get to the directory.  For example, the user can type http://www.domain.com/catalog/images  or http://www.domain.com/images (depends on the configuration) to see all the images in the directory.  Anyway to prevent web surfer to get/see to the directory?

if you are using apache, use -indexes option so nobody can list directory content

Treasurer MFC

Link to comment
Share on other sites

Simply putting a blank html page called index.html into the images directory will do it

 

In my opinion this is better than modding the apache config file, as there are times when the index is handy... Obviously this doesn't stop someone from fetching files that they know the name of, but then that is what the images directory is for...

 

If you don't like putting up an empty file, put up a index.html that actually does something...

Link to comment
Share on other sites

If you don't like putting up an empty file, put up a index.html that actually does something...

Sometimes I put in an index.html that looks exactly like an error page.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

thanks for all your replies. i have created an index.html that shows error. however, i actually would want to prevent people from downloading my images. does apache -indexes option achieve that? sorry, i am very new to apache.

Link to comment
Share on other sites

thanks for all your replies.  i have created an index.html that shows error.  however, i actually would want to prevent people from downloading my images.  does apache -indexes option achieve that?  sorry, i am very new to apache.

 

There's no way to completely stop someone from downloading your images. Just consider this:

 

If they could not download the images they would never see the images in their browser. They're resident on their computer or all they would ever see is little boxes with red Xs in them. It's just a question about how difficult it is to save them to disk.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

You cannot stop images from being downloaded but with and .htaccess file you can prevent other sites from 'hotlinking' to images on your site.

'Hotlinking' refers to another web site using image tags that point to images on your site.

When your images display on their site, they are using your web site bandwidth to display them. Not a nice thing to do.

An .htaccess file will prevent the images from displaying on their site.

Instead they will display the red x in the white box.

Just a little side note. B)

Link to comment
Share on other sites

You cannot stop images from being downloaded but with and .htaccess file you can prevent other sites from 'hotlinking' to images on your site.

'Hotlinking' refers to another web site using image tags that point to images on your site.

When your images display on their site, they are using your web site bandwidth to display them. Not a nice thing to do.

An .htaccess file will prevent the images from displaying on their site.

Instead they will display the red x in the white box.

Just a little side note. B)

 

Or I think you can make it default to a certain image, such as "Bugger off and stop stealing my images" :thumbsup:

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...