Secure LinPHA

From LinphaWiki

Protect images from outside

Although you can choose which persons are allowed to see your images and which one are not allowed, it is still possible to open the image directly in the browser if the filename is known. For example: http://yourhost/linpha/albums/testfolder/testimage.jpg

To prevent this, we added the file ".htaccess" to the albums folder which tells apache that any direct access is forbidden. But if you are not using apache as your webserver, or the option "Allow override" has been disabled in the apache configuration this protection is useless.

In that case we really suggest not to place your images in the linpha/albums subfolder, but in any other folder which is not accessible through the webserver. But this feature is only available in LinPHA v2 and newer versions. Please see Howto_move_album_directory for details.

Its the same with the linpha/var folder where cached images, the database password and any temporary file is stored. (In LinPHA v1 the folder is called linpha/sql.)