Re: keeping client images private
I keep a unique 'filestamp' in the database under each customer-- a 32-digit randomly-generated number that then can be used either as a part of image filenames, or as a directory name which contains a customer's images. That way, in order for one customer to see another's images, they'd either have to watch over the other customer's shoulder and write down the filestamp, or they'd have to make a really good guess ;) todd On Tue, 11 Sep 2001, will trillich wrote: y'all seem to have some clever brains out here, so i'm wondering if some of you can offer suggestions-- what's a good clean way to keep images private per customer? i'm using mod_perl and HTML::Mason with session cookies, but coming up with a paradigm for storing and revealing images privately has got me a bit flummoxed. mr. smith has pix which he can see when he logs in to the website, and mr. brown has pix of his own, but neither can see the other's images. each customer can have two levels of imagery (main images/subsidiary images). i could have a handler intercept image requests and deny access if session-user isn't valid ... should i just make an apache alias to handle images as if they're from a certain subdir? and then use mod_perl to redirect the requests to the actual images internally? or actually store the images in actual subdirs of the documentroot? is there a better/faster/cheaper way? i'm sure there's more than one way to do this -- and before i take the likely-to-be-most-circuituitous route, i thought i'd cull advice from the clever minds on this list...
Re: keeping client images private
I'm afraid I'm not familiar (although aware of) Mason, so I can't help you in that context. I wrote something similar a while ago. When a user uploads the image file it goes into a common directory that contains all images. The file name is renamed to the following format: image file checksum in hex.image extention - .gif for example The checksum ensures that all filenames are unique and offers a quick way to check if an images has already been uploaded (just gen a checksum of the images uploaded and check if the file already exists in the images directory). This also offers a way to have a single copy of an image where multiple users may have uploaded the same image. Once the image has been stored, I write an entry for each file in a table in an RDBMS (mysql) which contains the file name (checksum.extention), description, original file name of the image, date uploaded, time last viewed, number of hits etc...etc... Then just write an apache handler that provides a virtual directory structure to view each users images. e.g. http://example.com/images/mark/image1.jpg will be intercepted by the handler. Handler checks if user is logged in and has access to /images/mark and if all checks out ok, then handler fetches image1.jpg's information from the database, fetches the corresponding checksum.extension file and returns an image/jpeg (or image/gif or whatever) You can also do some funky stuff like use Image::Magick to generate thumbnails on the fly which are cached in a seperate directory. So the first time a thumbnail is accessed, you generate it dynamically, the second time it is served from the directory cache. You also store the thumbnails as a checksum of the original image (perhaps with a different extension) so that if the original changes, the thumbnail will have to be regenerated. (Sorry if the above seems a little unstructured - just a brain dump really). ~mark will trillich wrote: y'all seem to have some clever brains out here, so i'm wondering if some of you can offer suggestions-- what's a good clean way to keep images private per customer? i'm using mod_perl and HTML::Mason with session cookies, but coming up with a paradigm for storing and revealing images privately has got me a bit flummoxed. mr. smith has pix which he can see when he logs in to the website, and mr. brown has pix of his own, but neither can see the other's images. each customer can have two levels of imagery (main images/subsidiary images). i could have a handler intercept image requests and deny access if session-user isn't valid ... should i just make an apache alias to handle images as if they're from a certain subdir? and then use mod_perl to redirect the requests to the actual images internally? or actually store the images in actual subdirs of the documentroot? is there a better/faster/cheaper way? i'm sure there's more than one way to do this -- and before i take the likely-to-be-most-circuituitous route, i thought i'd cull advice from the clever minds on this list... -- [EMAIL PROTECTED] http://sourceforge.net/projects/newbiedoc -- we need your brain! http://www.dontUthink.com/ -- your brain needs us! -- Mark Maunder Senior Architect SwiftCamel Software http://www.swiftcamel.com mailto:[EMAIL PROTECTED]
Re: keeping client images private
will trillich [EMAIL PROTECTED] writes: i'm sure there's more than one way to do this -- and before i take the likely-to-be-most-circuituitous route, i thought i'd cull advice from the clever minds on this list... Take a look at the mod_rewrite cookbook...there's some neat stuff in there. -- David Hodgkinson, Wizard for Hirehttp://www.hodgkinson.org Editor-in-chief, The Highway Star http://www.deep-purple.com Interim Technical Director, Web Architecture Consultant for hire
keeping client images private
y'all seem to have some clever brains out here, so i'm wondering if some of you can offer suggestions-- what's a good clean way to keep images private per customer? i'm using mod_perl and HTML::Mason with session cookies, but coming up with a paradigm for storing and revealing images privately has got me a bit flummoxed. mr. smith has pix which he can see when he logs in to the website, and mr. brown has pix of his own, but neither can see the other's images. each customer can have two levels of imagery (main images/subsidiary images). i could have a handler intercept image requests and deny access if session-user isn't valid ... should i just make an apache alias to handle images as if they're from a certain subdir? and then use mod_perl to redirect the requests to the actual images internally? or actually store the images in actual subdirs of the documentroot? is there a better/faster/cheaper way? i'm sure there's more than one way to do this -- and before i take the likely-to-be-most-circuituitous route, i thought i'd cull advice from the clever minds on this list... -- [EMAIL PROTECTED] http://sourceforge.net/projects/newbiedoc -- we need your brain! http://www.dontUthink.com/ -- your brain needs us!