
Using JIT is great, but people can reverse engineer, and get any size of image they want, also very big sizes, or the path to the original size. Is there a way to prohibit these for non-members (members extension)? Mod rewrite, or having JIT save a duplicate smaller image in a separate location? (without un-dynamizing the entire site by serving a static version obtained from a wget)

Just tried this out quickly and the following seems to work: create a .htaccess file inside each image upload directory you want to protect consisting of:

Order Allow,Deny
Deny from all

That wouldn't stop JIT calls to larger sizes, of course, but maybe it's a start.

but people can reverse engineer, and get any size of image they want, also very big sizes

The latest version of JIT (integration) has new "named recipes" functionality so you can create resize URLs that contain a name such as /images/gallery-thumbnail/:path which masks the actual sizing information. It hasn't really been tested yet, but is something we're working on.

My plan is to write an extension that pre-saves images at the various recipe dimensions so you can bypass JIT on the frontend entirely, but I haven't started work on it yet! It'll be around Symphony 2.3 time.
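
As an added example (not code from this thread or from the JIT extension), the script below audits web-server access-log lines for the requests discussed above: raw resize URLs with arbitrary dimensions, recipe names that were never defined, and direct requests for the originals. The raw `/image/<mode>/<width>/<height>/<path>` layout, the `/workspace/uploads/` location, the second recipe name and the log lines are assumptions constructed for illustration.

```python
import re

# Assumptions (not from the thread): the "article-hero" recipe name, the
# /image/<mode>/<width>/<height>/<path> layout for raw resize URLs, the
# /workspace/uploads/ location of originals, and the sample log lines below.
ALLOWED_RECIPES = {"gallery-thumbnail", "article-hero"}
REQUEST = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
RAW_RESIZE = re.compile(r"^/images?/(\d)/(\d+)/(\d+)/")
RECIPE = re.compile(r"^/images?/([a-z0-9-]+)/")
IMAGE_EXT = re.compile(r"\.(?:jpe?g|png|gif)$", re.I)

def classify(path):
    """Return None for an expected request, else a short reason string."""
    path = path.split("?", 1)[0]
    if path.startswith("/workspace/uploads/") and IMAGE_EXT.search(path):
        return "direct request for original"
    m = RAW_RESIZE.match(path)
    if m:  # sizing chosen by the client instead of by a named recipe
        return "raw resize %sx%s (mode %s)" % (m.group(2), m.group(3), m.group(1))
    m = RECIPE.match(path)
    if m and m.group(1) not in ALLOWED_RECIPES:
        return "unknown recipe %r" % m.group(1)
    return None

def audit(lines):
    """Yield (client_ip, status, path, reason) for each suspicious log line."""
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        reason = classify(m.group(1))
        if reason:
            yield line.split(" ", 1)[0], int(m.group(2)), m.group(1), reason

SAMPLE_LOG = [  # constructed log lines, combined log format
    '203.0.113.7 - - [01/Jan/2012:10:00:00 +0000] "GET /images/gallery-thumbnail/uploads/cat.jpg HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2012:10:00:05 +0000] "GET /image/1/4000/4000/uploads/cat.jpg HTTP/1.1" 200 912345',
    '203.0.113.7 - - [01/Jan/2012:10:00:09 +0000] "GET /workspace/uploads/cat.jpg HTTP/1.1" 403 199',
    '198.51.100.2 - - [01/Jan/2012:10:01:00 +0000] "GET /images/full-size/uploads/cat.jpg HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in audit(SAMPLE_LOG):
        print(hit)
```

The status code in each hit shows whether the control held: a 403 on a direct request means the `.htaccess` deny is in effect, while a 200 on a raw resize URL means arbitrary sizes are still being served.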
