[Zope] Re: Application Design and Photos
Nate Aune
natea at jazkarta.com
Tue Nov 9 11:01:48 EST 2004
You might also want to have a look at FSPhoto, which also stores the photos
on the file system so any web server (like Apache) can serve these images.
FSPhoto automatically generates the right links for the photos.
http://zope.org/Members/fafhrd/News_Item.2004-07-28.2010/
Another one to have a look at is ZPhotoSlides - http://www.zphotoslides.org/
Nate
in article 000001c4c331$13ca85f0$64a8a8c0 at gregor, Gregor Melhorn at
g.melhorn at web.de wrote on 11/5/04 7:15 AM:
> Hello zope-users,
>
> thank you very much for your suggestions!
>
> I thought about it for a while, and the following solution came to my mind J
>
> First: Speed is critical to the site, since there may be several thousand
> users online at the same time.
>
> What about using the extImage Product, letting apache serve the content from
> an external image repository? So Zope only serves image urls. This should be
> way faster than letting serve Zope the images all by itself. For security, I
> thought of creating a separate directory for each user containing the user¹s
> photos. Directorys are configured to not be listable by anonymous users via
> apache. Every filename is a random string with at least 30 characters, so
> guessing the files should be impossible.
>
> For added security: I don¹t know if there is some kind of apache rule that
> allows locking out ips that tried to guess files, therefore generating a lot
> of 404s.
>
> Security could further be improved by checking the referrer in the rewrite
> rule, which is used by extImage. Also it would be possible to set a cookie at
> the gallery page, and checking the cookie in a rewrite rule. This would
> prevent authenticated users from linking directly to the images (and therefore
> allowing unauthorized access). Not 100% secure, but should be difficult for
> everyone that doesn¹t know how to fake a cookie and modify his referrer = the
> average user).
>
> What do you think about that solution?
>
> Thanks for your help!!!
>
> Gregor
>
>
> _______________________________________________
> Zope maillist - Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope-dev )
--
Nate Aune - natea at jazkarta.com
Plone4Artists - http://plone4artists.org
"Build your own artist community website!"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20041109/143b29db/attachment.htm
More information about the Zope
mailing list