I think the Image Authorization will do what I need though it looks like
a bit of work to squeeze into a bunch of existing wikis that I have.
I'll set the .htaccess or httpd.conf settings as you suggested to get
rid of the directory listings.
Security through obscruity used to be good before web crawlers came
around.
Thanks a bunch!
-Jim
-----Original Message-----
From: Emufarmers Sangly [mailto:emufarmers@gmail.com]
Sent: Monday, November 05, 2007 4:23 PM
To: MediaWiki announcements and site admin list
Subject: Re: [Mediawiki-l] Securing images directory
On Nov 5, 2007 4:00 PM, Jim
wrote:
I am presented with the directory tree and can access
all files saved
under the images directory. I cannot find anything in the archives
describing this and how to restrict access. I plan to try .htaccess
but I was wondering if there is a better approach and whether other
directories are as unprotected as the images directory from being read
by non-logged in users. Maybe a httpd.conf
directive?
How secure do you need the images? Do you want it so that nobody can
access an image without being logged into the wiki, even if they know
the file's location/URL? (For this, you would need to use img_auth.php:
<
http://www.mediawiki.org/wiki/Manual:Image_Authorisation>gt;.) Or do you
just not want somebody to have access to all your images in directory
listing format? For that, you can just disable the display of indexes
through httpd.conf or .htaccess (Options -Indexes).
--
Arr, ye emus,
http://emufarmers.com
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l(a)lists.wikimedia.org
http://lists.wikimedia.org/mailman/listinfo/mediawiki-l