You might also want to have a look at FSPhoto, which also stores the photos on the file system so any web server (like Apache) can serve these images. FSPhoto automatically generates the right links for the photos. http://zope.org/Members/fafhrd/News_Item.2004-07-28.2010/ Another one to have a look at is ZPhotoSlides - http://www.zphotoslides.org/ Nate in article 000001c4c331$13ca85f0$64a8a8c0@gregor, Gregor Melhorn at g.melhorn@web.de wrote on 11/5/04 7:15 AM:
Hello zope-users,
thank you very much for your suggestions!
I thought about it for a while, and the following solution came to my mind J
First: Speed is critical to the site, since there may be several thousand users online at the same time.
What about using the extImage Product, letting apache serve the content from an external image repository? So Zope only serves image urls. This should be way faster than letting serve Zope the images all by itself. For security, I thought of creating a separate directory for each user containing the user¹s photos. Directorys are configured to not be listable by anonymous users via apache. Every filename is a random string with at least 30 characters, so guessing the files should be impossible.
For added security: I don¹t know if there is some kind of apache rule that allows locking out ips that tried to guess files, therefore generating a lot of 404s.
Security could further be improved by checking the referrer in the rewrite rule, which is used by extImage. Also it would be possible to set a cookie at the gallery page, and checking the cookie in a rewrite rule. This would prevent authenticated users from linking directly to the images (and therefore allowing unauthorized access). Not 100% secure, but should be difficult for everyone that doesn¹t know how to fake a cookie and modify his referrer = the average user).
What do you think about that solution?
Thanks for your help!!!
Gregor
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
-- Nate Aune - natea@jazkarta.com Plone4Artists - http://plone4artists.org "Build your own artist community website!"