Hello
I found that if a user opts for "Guests can view the site" = NO it is still possible to see his avatar in a link http://www.yoursite/...big_1_1429646323.jpg.
it means that actually this is a violation of the privacy set up. Similar all files under http://www.yoursite/ow_userfiles.
So basically this trick the user to think that his files/pics/avataras are closed to public but in reality they are not.
I like Oxwall and his features. Could the team please consider to change a strategy? I know this probably will cost more databse resources but the point is that the site owner does not want to lose his members due to their dissatisfaction.
Thank you
Martin
We build. You grow.
Get best community software hereStart a social network, a fan-site, an education project with oxwall - free opensource community software
Privacy & Permissions | Forum
Leader dave
Apr 21 '15
you can always block direct url access to photos from outside of the site via mod rewrite.
Leader dave
Apr 21 '15
for example here is a commonly found mod rewrite that i have used for a long time.
#block images by direct url all sites listed are authorized
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www.)?siteA.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www.)?siteB.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www.)?siteC.com/ [NC]
#browsers send blank referrer so block url in browser too
#you might allow here but then block in sub domain
#optional but recommended - allow blank referrer
#RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|wmv|mp4)$ - [F,NC,L]
#end block
hope this helps
The Forum post is edited by dave Apr 21 '15
Martin Baso
Apr 21 '15
Many thanks, I tried and it works supper! I will check more features in a site. Anaway again many thanks.
BTW could this modification be considered in htaccess for next release please? Or maybe just to add a text file with notes how to modify it.
BTW could this modification be considered in htaccess for next release please? Or maybe just to add a text file with notes how to modify it.
Team ross
Apr 22 '15
Martin, you can make a suggestion on uservoice: http://oxwall.uservoice.com/forums/13756-ideas-for-oxwall if it gets many voice, our team will consider implementing it.
