Our website would like to use cookies to store information on your computer. You may delete and block all cookies from this site, but parts of the site will not work as a result. Find out more about how we use cookies.
Novacaster Community Logo

Login or Register

Welcome!»
Latest Contributions»
Community Areas»
Blogging Areas»
  Bruce
  Dave
  Dominic
  Gordon
  Hugo
  Nic
  Rob
  Simon
  Steve
  Stuart
Group Areas»
Business Areas»
Technical Areas»
 
Unknown Masterpiece»

Keyword Search:

Advanced Search
Powered by
Powered by Novacaster
 
Secure Access To Images
by Nic Jackson at 09:21 22/08/03 (Blogs::Nic)
It just keeps on getting more and more complex.
Well after making good progress on my HAPPI system (holistic application programmers photograpic interface) it didnt start off like that it was just the Hairy Pies application but i was adviced that the business world may not like this.

Ive got a million other things to think about before i could possibly run a beta test.
Thanks to Simon and Dave yesterday i didnt get to sleep untill 2 am because i was wondering what the best way to restrict access to images would be.

I like the idea of a database approach but im still not sure if i wouldnt prefer to store them on a file system, sure replication of images becomes more complex but when im dealing with a potential of a million requests for images would the database have a fit.

Thats not the real problem though the real problem is security i was thinking about using a scripting language as a pseudo image so the user requests what appears to them is an image but has in effect a layer of code first. Kind of like a trifle where all you want is the jelly but ...

Anyway so what im thinking is that you could have a couple of methods of authentication. The first being that the page requesting the image would have to authenticate first, the system would check before sending out an image.

The second idea which would also be implemented would be to restrict to ip address, or url.

This is all well and good but, performance is going to if you pardon my expression piss on my chips. I can see at least one database call and definately a permission check for each image. This coupled to the average gallery containing 10 - 20 images = one nasty perfomance drain.

Damn -- nick
<< A first test entry Akira Motorcycle Anyone >>
View Comments (Threaded Mode) Printer Version
Secure Access To Images Nic Jackson - 09:21 22/08/03
Configure and cache Simon - 09:39 22/08/03
What you need is a flexible way to define and configure the necessary access control lists, coupled with a means to export and cache that information only when it's altered, so that the server can refer to the latest ACL without having to consult the database each time.

So instead of putting the images on a filesystem in something like /images/..., you need to put them on the filesystem somewhere like /images/acl_name/...

Now, this means that you may end up with multiple copies of a particular image living on the filesystem in different places, but that's what symlinks are for.
--
simon

Re:Configure and cache Nic Jackson - 10:39 22/08/03
So i would restrict access to a particular directory rather than an individual image.

I suppose if the code was light enough i wouldnt have too much of a performance issue.

I could store current access information in some form of object which would persist in server memory.

I still have concerns over the potential size of the object should high use be an issue.

One thing i was thinking was regarding what you were saying about moving the image from a private location be it physical or database to a public location and having clean up code.

With unix file systems and symlinks this would be cool as i would only have to check when the server creates a 404 error but with bloody NT.

Thanks for the idea i will try out a couple of methods this weekend.

--
nick

I think in an Apache-like way Simon - 11:03 22/08/03
So I tend to view problems from the Apache viewpoint. ACLs in Apache can be pretty much handled how you want, and there are loads of mod_auth_* mechanisms for tying in external authentication services.

eg you could do it by spitting out .htaccess, AuthUser and AuthGroup files from a configuration database.

If you ever wanted to get down to individual file level, there's always the <Files> directive.
--
simon

Just when i convince myself windows is ok Nic Jackson - 15:26 22/08/03
Thanks Simon, ill give it a go.

--
nick

Re: Secure Access To Images David Crowson - 02:31 22/02/04
U still alive ?

--
bombholio