Privacy

This page describes the tools in wppa+ to prevent certain visitors to view certain photos under certain conditions.

The following privacy settings are available:

  • Photo status private

    You can set the status of photos to private.
    This means that the photos do not show up to logged-out visitors.

    This is not a secure feature to prevent photos from being seen for those people who know a bit about how wppa works. Once an url works, like
    http://mysite.com/photo-album/?occur=1&cover=0&photo=4711
    and one guesses the private photo id correctly as being 5678, one can change the photo number in the url from 4711 to 5678 to see the photo. However, it is a first method to selectivity show photos to logged in users only.

  • Encrypted urls

    The album and photo ids can be encrypted. The encryption codes are pure random generated 12 digit hexadecimal numbers. There is no algorithm to convert an album or photo (database table record) id to the album/photo encryption code or vice versa. The cryptic codes are stored along with the album/photo data in the database and have to be looked up to convert id to crypt and vice versa. The codes are different for different sites.

    When this feature is activated, all urls generated by wppa contain the cryptic codes in stead of the db record ids. Example:
    http://www.mysite.com/photo-album/?occur=1&cover=0&album=3&photo=4711
    will now read something like:
    http://www.mysite.com/photo-album/?occur=1&cover=0&album=61e726ab800b&photo=18bf7228cfba

    This method works quite well, but without further action the urls containing the real album and photo ids will still correctly be interpreted. So, as long as the visitor has no idea in what range of ids he can successfully guess the ids, the photos can hardly become visible outside the proper way, using the links provided by wppa itsself.

    To activate encryption on a new site, tick the box in Table IV-A6.1. The cryptic codes are generated automaticly when new albums or photos are added. Althoug the probability for duplicates is extremely low, uniqueness is verified upon creation of each new code. To activate encryption on an existing site, you must run the maintanance procedures in Table VIII-A13 and Table VIII-A14 before you can tick Table IV-A6.1. This adds the cryptic codes to the existing albums and photos.

  • Denial of real ids

    One step further is the denial of un-encrypted urls. By ticking the box in Table IV-A6.2, you are switching off the proper interpretation of urls with real ids. From this moment on, it is useless for the visitor to guess album and/or photo ids, because he has to guess the 12 digit hexadecimal random numbers what is practically undoable.

    However, there is a drawback for this when you apply it to existing sites, because links to photos that have been shared on social media in the past, or saved anywhere else, will no longer work. The same applies for shared links if you run the maintenance procedures Table VIII-A13 and/or Table VIII-A14 again in a later stage.

  • Tree structured image filesystem

    When all the above is applied, visitors can still enter links to photofiles manually like:
    http://www.mysite.com/wp-content/uploads/wppa/4711.jpg
    Changing the name of wp-content and other methods alike do not work; visitors can easily discover the urls of images when they inspect the page source and simply guess other image filenames because they all are of the form [id].[ext].

    In Table VIII-A10 one can convert the filesystem from flat (all display size images have names [id].[ext] and reside in .../wp-content/uploads/wppa/ and all thumbnails in .../wp-content/uploads/wppa/thumbs/ with the same names) to tree. This serves two needs: faster filesystem and harder to find the photos. In a tree structure, a photo with id 12345 will be found as .../wp-content/uploads/wppa/12/34/5.jpg The conversion can be rolled back (i.e. converted to tree again) after completion.

  • Denial of hotlinking

    In Table IV-A18: Enable photo html access one can select a type of .htaccess file to be created in .../wp-content/uploads/wppa/ and .../wp-content/uploads/wppa/thumbs/.
    If you select 'create 'no hotlinking' .htaccess files', any access of the display or thumbnail files by a direct url typed in the browser address line will result in a 'Forbidden' error. This will also happen for links from other websites to your image files in wwpa.

  • Cryptic filenames

    Future development will provide a method to convert the filenames from [id].[ext] to [cryptic code].[ext], where the cryptic code will be generated like described above (12 digits hexadecimal random number) and the codes will be different from the codes used in the urls, so even when the visitor sees the code in the url, he still will not be able to open the imagefile by a direct url if you did not activate the 'no hotlinking' method for any reason. This, in combination with disabeling the context menu will make it hard, but still not impossible to view photos against your intention.
    If you really want to hide photos from being viewed, do not upload them to the internet.