<html>
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 10 (filtered)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
p
{margin-right:0cm;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman";}
span.EmailFormatvorlage17
{font-family:Arial;
color:windowtext;}
@page Section1
{size:595.3pt 841.9pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=DE link=blue vlink=purple>
<div class=Section1>
<p><font size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:
Arial'>Hello zope-users,</span></font></p>
<p><font size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:
Arial'>thank you very much for your suggestions!</span></font></p>
<p><font size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:
Arial'>I thought about it for a while, and the following solution came to my
mind </span></font><font size=2 face=Wingdings><span lang=EN-GB
style='font-size:10.0pt;font-family:Wingdings'>J</span></font></p>
<p><font size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:
Arial'>First: Speed is critical to the site, since there may be several
thousand users online at the same time. </span></font></p>
<p><font size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:
Arial'>What about using the extImage Product, letting apache serve the content
from an external image repository? So Zope only serves image urls. This should
be way faster than letting serve Zope the images all by itself. For security, I
thought of creating a separate directory for each user containing the user’s
photos. Directorys are configured to not be listable by anonymous users via
apache. Every filename is a random string with at least 30 characters, so
guessing the files should be impossible. </span></font></p>
<p><font size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:
Arial'>For added security: I don’t know if there is some kind of apache
rule that allows locking out ips that tried to guess files, therefore
generating a lot of 404s. </span></font></p>
<p><font size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:
Arial'>Security could further be improved by checking the referrer in the
rewrite rule, which is used by extImage. Also it would be possible to set a
cookie at the gallery page, and checking the cookie in a rewrite rule. This
would prevent authenticated users from linking directly to the images (and
therefore allowing unauthorized access). Not 100% secure, but should be
difficult for everyone that doesn’t know how to fake a cookie and modify
his referrer = the average user).</span></font></p>
<p><font size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:
Arial'>What do you think about that solution?</span></font></p>
<p><font size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:
Arial'>Thanks for your help!!!</span></font></p>
<p><font size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:
Arial'>Gregor</span></font></p>
</div>
</body>
</html>