As far as I saw photos in VBGallery are simple "stored" in a folder of the server.
Since some categories can be set as "secured by password", or simple denied to some usergroups, I assumed there was some kind of security embedded. I've changed .htaccess file how it's described here and hence supposed everything was fine.
A pair of days ago, one friend emailed me a "secured" photo in it's full view. How did he do it? It was simpler than I imagined. He entered the user's profile and saw the thumbnail. He right clicked over the thumbnail, just rewrote the url and ... voila !! there was the full size image.
His words were.... "Your photo protection is a bad joke...."
He later told me there is a way to trully
protect the photos and it involves using GD, geting the images in a folder with no user access and then doing something like this:
Content visible to verified customers only.
I was embarrassed that I had spent money in a Gallery system that doesn't protect my users.... Now I'm working in code to entirely overwrite the code since this is more than unacceptable for my kind of page.
Just wanted you to know it...