User Tools

Site Tools


ce4_password_protection

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
ce4_password_protection [2014/07/03 05:21]
matthew
ce4_password_protection [2014/07/03 05:24] (current)
matthew
Line 17: Line 17:
 Enabling password protection will cause galleries to export as PHP documents. PHP documents must be run in a web server environment and cannot be viewed from the desktop, or using Lightroom'​s “Preview in Browser” feature. Enabling password protection will cause galleries to export as PHP documents. PHP documents must be run in a web server environment and cannot be viewed from the desktop, or using Lightroom'​s “Preview in Browser” feature.
  
 +----
  
 +===== Master Credentials =====
 +
 +Users logged in as **Master** will have access to all protected galleries on your website.
 +
 +Master credentials are intended for use by the site administrator (that'​s you), so that the website may be browsed freely without the need to memorize numerous, individual client logins for gallery access.
 +
 +Master credentials should not be shared with clients.
 +
 +===== Guest Credentials =====
 +
 +Users logged in as **Guest** will only have access to specific galleries or gallery indexes into which they have logged in directly.
 +
 +Guest credentials are intended for use by clients.
 +
 +===== Setting Passwords in TTG CE3 Publisher =====
 +
 +See CE4 Publisher documentation ...
 +
 +===== Logging Out =====
 +
 +There are two ways to terminate a login:
 +
 +  * Upon quitting the web-browser,​ login credentials will be lost. The next time the browser is launched and protected galleries are accessed, the user will be prompted for login.
 +  * A gallery may be logged out of by appending ''​%%?​logout%%''​ to the end of the gallery URL, i.e. ''​%%http://​yourdomain.com/​image-gallery/?​logout%%'',​ ''​%%http://​yourdomain.com/​image-gallery/​index.php?​logout%%'',​ etc.
 +
 +You may create a logout hyperlink in your gallery navigation or in "the block" content, targeting the the page using relative URL.
 +
 +Hyperlink target for a link in site navigation:
 +
 +<​code>​./?​logout</​code>​
 +
 +Markdown syntax for block copy:
 +
 +<​code>​(Logout)[./?​logout]</​code>​
 +
 +HTML syntax for block copy:
 +
 +<​code><​a href="​./?​logout">​Logout</​a></​code>​
 +
 +----
 +
 +===== Security Through Obscurity =====
 +
 +CE4 plugins use low-security,​ script-based password protection. //​Script-based//​ means that protection is run //on the page//, and therefore can only protect what is //on the page//. Protection does not extend to your gallery'​s /photos/, /​thumbnails/​ or /resources/ folders, the contents of which can still be accessed directly by URL.
 +
 +Because these assets can only be accessed by direct URL, however, an infiltrator would need first to know of the assets'​ existence, and then would also need to know both the name and location of specific assets. This is known as "​security through obscurity"​.
 +
 +If you wish to implement stricter security measures, then you will need to implement security at a server level. Such is beyond the scope of CE4 plugins. Contact your host or reference your host's knowledge base on how to do that. We recommend against using server-side password protection for galleries, however, as blocked access to your image galleries will also prevent the auto index from accessing thumbnail images for gallery index pages.
 +
 +Security through obscurity can be aided by using .htaccess directives to block access to directories on your server containing images. For example, visitors targeting your /photos/ folder would see a "​Forbidden"​ error, rather than the server listing folder contents for download. The directive is:
 +
 +<​code>​
 +<​IfModule mod_autoindex.c>​
 + Options -Indexes
 +</​IfModule>​
 +</​code>​
 +
 +For more information on using .htaccess directives, see our [[htaccess_creation|.htaccess reference]].
ce4_password_protection.txt · Last modified: 2014/07/03 05:24 by matthew

The Turning Gate
Creating webbly, wobbly, Lightroomy things since 2007.