We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

Privacy & Permissions | Forum

Martin Baso
Martin Baso Apr 21 '15
Hello

I found that if a user opts for "Guests can view the site" = NO it is still possible to see his avatar in a link http://www.yoursite/...big_1_1429646323.jpg.

it means that actually this is a violation of the privacy set up. Similar all files  under http://www.yoursite/ow_userfiles.

So basically this trick the user to think that his files/pics/avataras are closed to public but in reality they are not.

I like Oxwall and his features. Could the team please consider to change a strategy? I know this probably will cost more databse resources but the point  is that the site owner does not want to lose his members due to their dissatisfaction.

Thank you
Martin
dave Leader
dave Apr 21 '15
you can always block direct url access to photos from outside of the site via mod rewrite.
dave Leader
dave Apr 21 '15
for example here is a commonly found mod rewrite that i have used for a long time. 


#block images by direct url all sites listed are authorized
RewriteEngine on

RewriteCond %{HTTP_REFERER} !^http://(www.)?siteA.com/      [NC]

RewriteCond %{HTTP_REFERER} !^http://(www.)?siteB.com/      [NC]

RewriteCond %{HTTP_REFERER} !^http://(www.)?siteC.com/      [NC]


#browsers send blank referrer so block url in browser too

#you might allow here but then block in sub domain

#optional but recommended - allow blank referrer


#RewriteCond %{HTTP_REFERER} !^$

RewriteRule .*\.(jpg|jpeg|gif|png|bmp|wmv|mp4)$ - [F,NC,L]
#end block
hope this helps 

The Forum post is edited by dave Apr 21 '15
Martin Baso
Martin Baso Apr 21 '15
Many thanks, I tried and it works supper! I will check more features in a site. Anaway again many thanks.

BTW  could this modification be considered in htaccess for next release please? Or maybe just to add a text file with notes how to modify it.

ross Team
ross Apr 22 '15
Martin, you can make a suggestion on uservoice: http://oxwall.uservoice.com/forums/13756-ideas-for-oxwall if it gets many voice, our team will consider implementing it.