Mig and the Apache Server
  Security Considerations
    There are always security considerations when dealing with anonymous
    external users accessing a server. Mig mitigates these concerns where it
    can (for instance, a "currDir" variable containing ".." causes Mig to
    panic and immediately exit), but it can't do everything.

    The main thing Mig does to help with the security problem is that it
    never, ever, writes anything to the disk. It only reads. This minimizes
    the potential damage a malicious attacker could do. (That's why Mig
    doesn't automatically generate thumbnails, by the way.)

    An example: Mig's PHP code can't control whether or not a web user
    fetches mig.cf or exif.inf files by simply using direct URLs (since
    using direct URLs bypasses Mig and PHP altogether). Users of Apache can
    use the following in their configuration to protect their files from
    being read:

        <Directory /path/to/your/mig/gallery>
            # Protect against anyone trying to view mig.cf or exif.inf files
            <Files ~ "^(mig\.cf|exif\.inf)$">
                order allow,deny
                deny from all
            </Files>
        </Directory>

    With this rule in place, someone can't for example go to a URL like this
    one:

        http://tangledhelix.com/gallery/albums/Miscellaneous/mig.cf

    It would be met with an access denial from the server.

  Useful Rewrite Ideas
    Mig URLs can be made shorter and easier to remember by using Apache's
    rewrite rules. This requires "mod_rewrite" to be available. Here are
    some examples from my site:

    First, define simple shortcut names using the jump map (see the jump
    document).

    Then, add a rule or two like this to httpd.conf:

      RewriteRule ^/go/([^/]+)        /gallery/index.php?jump=$1    [R]
      RewriteRule ^/photo/([^/]+)     /gallery/index.php?jump=$1    [R]

    Now URLs like these will work:

      http://tangledhelix.com/photo/kate
      http://tangledhelix.com/go/kate

    Further shortening can be done if desired:

      RewriteRule ^/kate           /gallery/index.php?jump=kate     [R]
      RewriteRule ^/house          /gallery/index.php?jump=house    [R]
      RewriteRule ^/europe         /gallery/index.php?jump=europe   [R]

    For example, now http://tangledhelix.com/kate/ will work. Of course,
    doing things this way would require more maintenance than the more
    general jump-based rules shown above.

    Naturally, "RewriteEngine on" is required in the config prior to using
    any rewrite rules. See Apache's documentation for more information about
    the rewriting engine.