This question is answered. Helpful answers available: 2. Correct answers available: 1.


Permlink Replies: 5 - Pages: 1 - Last Post: 25 May 21, 14:56 Last Post By: JeffTucker
willy3520

Posts: 6
Registered: 6-Feb-2009
Protection - jAlbum Standard License or Premium Account
Posted: 19 May 21, 09:44
 
  Click to reply to this thread Reply
How secure is the access to photos in jAlbum on own server.
Can access be gained behind the password?
Can photo be "captured" if e.g. the whole path is written in the browser line?
Eg. http://www.myphotos.com/album1/photo.jpg
Or otherwise access photos without the password.

/Willy

Edited by: willy3520 on 19 May 2021, 09:49

Edited by: willy3520 on 19 May 2021, 10:09
davidekholm

Posts: 3,442
Registered: 18-Oct-2002
Re: Protection - jAlbum Standard License or Premium Account
Posted: 19 May 21, 13:00   in response to: willy3520 in response to: willy3520
 
  Click to reply to this thread Reply
willy3520 wrote:
How secure is the access to photos in jAlbum on own server.
Can access be gained behind the password?
Can photo be "captured" if e.g. the whole path is written in the browser line?
Eg. http://www.myphotos.com/album1/photo.jpg
Or otherwise access photos without the password.

/Willy


Any web servers I'm aware of should ensure that the resource requested under a password protected path is only delivered if the user has entered the correct credentials (username+password combination)
JeffTucker

Posts: 8,039
Registered: 31-Jan-2006
Re: Protection - jAlbum Standard License or Premium Account
Posted: 19 May 21, 13:06   in response to: davidekholm in response to: davidekholm
 
  Click to reply to this thread Reply
In fact, the jAlbum servers are more secure than most because they don't support server-side processing (PHP, for example) at all. That's the path by which sites are usually hacked - the hackers exploit unpatched software like older versions of Wordpress. That technique can't be used on jalbum.net.
hanso

Posts: 93
Registered: 16-Apr-2008
Re: Protection - jAlbum Standard License or Premium Account
Posted: 19 May 21, 15:03   in response to: willy3520 in response to: willy3520
 
  Click to reply to this thread Reply
If the jpg file is readable, as you can see in your url example, it is in effect downloaded already in the browsers cache locally.

You have to protect the whole album at server level behind a password mechanism. Check your server providers info on that.
willy3520

Posts: 6
Registered: 6-Feb-2009
Re: Protection - jAlbum Standard License or Premium Account
Posted: 25 May 21, 10:36   in response to: hanso in response to: hanso
 
  Click to reply to this thread Reply
Thanks to everyone for answers.
Unfortunately, I have to refrain from using jAlbum.
It is for the family's photo album and should preferably be on its own domain.
I'm not an eagle for security in a web hotel.
Many family members, friends and guests. Children, grandchildren and great-grandchildren are reluctant with pictures of them when lying on the Internet.
So the photo album and the photographs must be pretty safe not accessible by unauthorized.
JeffTucker

Posts: 8,039
Registered: 31-Jan-2006
Re: Protection - jAlbum Standard License or Premium Account
Posted: 25 May 21, 14:56   in response to: willy3520 in response to: willy3520
 
  Click to reply to this thread Reply
You could host your album on your jAlbum account, as https://willy3520.jalbum.net/.

You could register your own domain, and host it on the jalbum.net servers.

You could register your own domain, and host it on any other commercial web host.

The level of security is exactly the same in all three cases. If you password-protect your albums, no one can access your photos without your permission, other than the person who is physically managing the server.

What do you think would be more secure? I'm curious about what kind of misinformation you have acquired. ;)

Most of us don't bother with passwords. I have my family photo album online, with no protection. I see no evidence that anyone outside of my family has ever looked at those images. Why would they bother? Remember, hackers want money. They want access to your bank account or your brokerage account. They can't make money from pictures of your children.
Legend
Forum admins
Helpful Answer
Correct Answer

Point your RSS reader here for a feed of the latest messages in all forums