ioneabu (AT) yahoo (DOT) com (wana) writes:
Quote:
I want to put together a photo gallery website where different users
have access to different subsets of a large set of pictures depending
on their access privileges. This is a family photo album if anyone
cares.

That actually does make a big difference. You have to choose your
security mechanism carefully:

Individual secret: You manage, say, usernames/passwords for each
individual. You try to make sure everybody uses non-guessable
passwords, doesn't share them, and otherwise keeps them secure. It's
possible that you'll end up with better security than with a shared
secret, but I wouldn't bet on it.

Shared secret: You distribute one password or obscure URL to the entire
group. You try to make sure everybody respects community standards as
to sharing the secret with others. Every so often you change the secret
and redistribute to everyone who's supposed to have it.

I'll elaborate on the shared secret options, password vs. obscure URL.

Passwords are potentially more secure than obscure URLs, because URLs
may be cached in ISP proxy servers, and sometimes server logs get
inadvertently exposed. The down side with passwords for family albums
is that they are a pain for family members with poor memory or other
disabilities.

I think obscure URLs are generally better for family photo albums.
Presumably you wouldn't put anything up that absolutely positively never
could fall into the wrong hands, a guarantee that passwords don't give
you either. Emailing family members a link they can just click is very
convenient, and the risk of compromised logs from their ISP's proxy or
the server is small enough to be acceptable. Of course that's a
judgment you have to make yourself based on the content of your albums.
Some people put family albums on the web with no secrecy at all and even
post the links to Usenet.

My site, ourdoings.com, is primarily designed for family photo blogs.
I'll describe the approach I take there.

When you create a new site under ourdoings.com, you're offered by
default an obscure URL like

http://ourdoings.com/unlisted/zia5k3nq

Those eight characters allow for a trillion combinations, so a brute
force attack would on average find the site in 500,000,000,000 tries.
You can change it to a more memorable URL if you wish. I use one of the
randomly-generated URLs for my own family photo blog. My parents, who
don't have any children at home, use a less secret / more memorable one.

Similarly, uploaded photos get randomly renamed.

http://img.ourdoings.com/u8/bj/db8q.jpg

Again, eight random characters for roughly a trillion combinations.
Knowing the URL of one image does not let you find related images.

For your multi-tier security, if you wanted to go the obscure URL route,
you could randomly rename the photos as ourdoings.com does, and have
different random-URL web pages that link only to the photos that tier is
supposed to have access to.
--
Make that pile of digital photos presentable: http://ourdoings.com/
It's quicker and easier than you think.
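
The multi-tier obscure-URL layout suggested in the post above, sketched as an added example (not part of the original post and not ourdoings.com code). The function names, the lowercase-plus-digits alphabet and the directory split modeled on the image URL shown in the post are assumptions; tokens come from the OS CSPRNG via Python's `secrets` module so that one URL reveals nothing about another.

```python
import secrets
import string

# Assumption: lowercase letters and digits, matching the look of the URLs in the post.
ALPHABET = string.ascii_lowercase + string.digits
TOKEN_LEN = 8

def new_token(length=TOKEN_LEN):
    """Return an unguessable token from the OS CSPRNG (never the `random` module)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def image_path(token, ext="jpg"):
    """Spread a token over directories in the style of u8/bj/db8q.jpg."""
    return f"{token[0:2]}/{token[2:4]}/{token[4:]}.{ext}"

def build_gallery(photos, tiers):
    """photos: original filenames; tiers: tier name -> set of filenames.
    Returns (renames, pages). renames maps each original name to a random path;
    pages maps each tier to its own random page token and the only image
    paths that page is allowed to link to."""
    used = set()

    def fresh():
        # Retry on the (very unlikely) collision so every token is unique.
        while True:
            token = new_token()
            if token not in used:
                used.add(token)
                return token

    renames = {name: image_path(fresh()) for name in photos}
    pages = {}
    for tier, allowed in tiers.items():
        unknown = set(allowed) - set(photos)
        if unknown:
            raise ValueError(f"tier {tier!r} lists unknown photos: {sorted(unknown)}")
        pages[tier] = {"url_token": fresh(),
                       "images": sorted(renames[n] for n in allowed)}
    return renames, pages

if __name__ == "__main__":
    # Constructed sample data.
    photos = ["beach.jpg", "wedding.jpg", "baby.jpg"]
    tiers = {"everyone": {"beach.jpg"}, "close_family": set(photos)}
    renames, pages = build_gallery(photos, tiers)
    for tier, page in pages.items():
        print(f"{tier}: /unlisted/{page['url_token']} -> {page['images']}")
```

The original filenames never appear in any URL, so the mapping in `renames` has to be stored server-side and kept out of anything publicly readable.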