DidierKlein 729
You get an access denied when you try downloading the pics from the link provided by daid
I tried to steal one Ian, didn't work
Thanks Daid for the good tip ! :-)
I'm going to apply this tonight.
If you spot any more loopholes in the system please let me know.
I spent every penny I've earned for 16 years buying these rare pictures and I want to try and protect the online archive.
Thanks a lot and big hugs !
Ian :-)
Ian - my day job is basically testing the security of web sites. I'll take a look at it for you, in the next day or two, once I get through some post-maker-Faire backlog.
THANK YOU !!
I probably have spent.... more than 40,000 euros on buying the first color film footage and that is every cent I earned since University.. I want to have an OK chance to put this amazing historical collection online and try and earn a few bucks back from the investment.
That's why these little checks now, while the site is young and small, are so so important !
So big THANK YOU if you can have a look for me :smile:
Ian :smile:
The problem with .htaccess or similar techniques is that if your server/hosting package is compromised, somebody would be able to download the entire site. You could create/buy a system where only the previews are stored on the server and the originals are fetched from another server in the background only when needed.
But why not add your photos to istockphoto.com or similar services? I guess with so many rare and high quality photos, you could strike a good deal and maybe earn more than through a (yet unknown) site.
If I moved my image files to... amazon cloud for example.. then what would stop people just trying to hack that account with amazon and get their hands on the pictures that way ?
From what I've seen the last months with big companies and big security.. everything is crackable....
But open to good handy tips to give me a little chance... ;-)
Also about me going alone... I tried renting out my collection to a big photo agency... I got a little fed up receiving 20 percent royalties for the images I own and bought... seemed like daylight robbery to me.. so better setting up pixpast... run it for 10 or 20 years... set up fair prices compared to the other big guys.. and then spread the word...
If it takes 10 years to get things running.. that's OK with me.. as long as in the end it's my baby and if or when a photo sells... I get the money from my investment and not only 20 percent..
Ian :-)
OK, I just did the "-Indexes" change.... I'm still wondering about using the cloud ?
Ian :-)
There's no difference between the cloud and a server somewhere else. It is just that with some big companies you *might* have a better chance to protect your server because they can roll out the big guns.
But your specific problem is not related to a server type but rather to the fact that your goods are on the server. And if somebody hacks into it, then it is game over.
That's why I had the idea to put the assets somewhere else. A server without public access. Then from your frontend server fetch assets when needed from the asset server. You could then monitor the traffic between the two servers and raise an alarm if something fishy happens (like too many photos accessed at once).
I am sure there are tools out there that do this because creating such a system on your own is quite a task.
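The monitoring idea from the post above (raising an alarm when too many photos are fetched from the asset server at once), as an added example that is not part of the original thread: a sliding-window check over a frontend-to-asset-server fetch log. The log format, session ids, thresholds and function names are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one line per original fetched by the frontend from the
# asset server. The format (timestamp, session id, asset path) is an assumption.
SAMPLE_LOG = """\
2024-05-01T12:00:00 session=a1 asset=/originals/0001.tif
2024-05-01T12:00:05 session=b2 asset=/originals/0100.tif
2024-05-01T12:00:06 session=b2 asset=/originals/0101.tif
2024-05-01T12:00:07 session=b2 asset=/originals/0102.tif
2024-05-01T12:00:08 session=b2 asset=/originals/0103.tif
2024-05-01T12:00:09 session=b2 asset=/originals/0104.tif
2024-05-01T12:03:00 session=a1 asset=/originals/0002.tif
not a log line
""".splitlines()
LINE_RE = re.compile(r"^(\S+) session=(\S+) asset=(\S+)$")


def parse_line(line):
    """Return (timestamp, session, asset), or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        return datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)
    except ValueError:
        return None


def find_bursts(lines, window_seconds=60, threshold=5):
    """Alert once per session when it fetches `threshold` distinct originals
    within `window_seconds`. Returns [(session, alert_time, distinct_count)]."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # session -> (timestamp, asset) inside window
    alerted, alerts = set(), []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines instead of aborting the scan
        ts, session, asset = parsed
        q = recent[session]
        q.append((ts, asset))
        while ts - q[0][0] > window:  # drop fetches older than the window
            q.popleft()
        distinct = len({a for _, a in q})
        if distinct >= threshold and session not in alerted:
            alerted.add(session)
            alerts.append((session, ts, distinct))
    return alerts
```

Counting distinct assets rather than raw requests keeps a customer who reloads one purchased image from tripping the alarm.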
The photo sales shop software I bought for this project actually has an option to connect to amazon cloud.
I was just a little slow to start buying the next hosting account on top of the normal one I have already..
But I guess I shouldn't try and save on safety...
Ian :-)
Daid 306
You might want to prevent this:
http://pixpast.com/content2/
Depending on how your hosting is setup, you could prevent this with a "-Indexes" in the htaccess:
http://www.thesitewizard.com/apache/prevent-directory-listing-htaccess.shtml