I would use the Photo product because it provides a well rounded interface to deal with picture resizing and thumbnail generation. There's no need to remove garbage code out of templates in order to seize it. Furthermore, as a Photo object is a regular Zope one, you can take advantage of Zope's security machinery, so the only thing you'll need to do is to set the 'view' permission of your photos container to "Authenticated". Also, you don't need to use a Photo Folder. Moreover, chances are that you'll need a (Zope2.7.X) mounted BTreesFolder2 one in order to storage thousands of photos, and a ZCatalog to catalog them and retrieve those that belongs to your current user. Be sure that you use the largest drive you can get, as you'll need twice the space of the largest expected size of your photos container, so you don't have any problem when you pack the database. Ausum ----- Original Message ----- From: Gregor Melhorn To: zope@zope.org Sent: Thursday, November 04, 2004 9:31 AM Subject: [Zope] Application Design and Photos Hello Zope users! Maybe you can help me with the following scenario: I'm developing a community site in zope. I don't use CMF or Plone, since I wouldn't be using much of the functionality anyway and therefore would only slow down the site with it. All user data is stored in MySQL. exUserFolder is used for authentication. Registered users should be able to upload photos to my site. These photos may be viewed by other registered users, but no anonymous users (no anonymous access to photos allowed). Now, how do I do this best? Is there any "best practice" on how to give each user a personal gallery? Creating a single folder for every user, and putting images in there for every category? Or should I put all in one big folder, maybe assigning matching photos to users via a table in the database with user-filename columns? There may be around 30 000 users and 200 000 photos. I thought of using the "Photo Folder" product, maybe setting its properties to "external filesystem", so the ZopeDB doesn't get too large. Anybody has experience on that one? Is it possible to use the external filesystem and still prevent anonymous access? Any help would be appreciated! Gregor