Securing public images

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • cbmeeks
    #1

    Securing public images

    I have a photo sharing site that takes a photo once it is uploaded and
    copies it to a NON browsable location so that it can not be browsed
    directly.

    Then, when you want to view it, I load it in PHP and send down the
    custom header. That way, I can control security, bandwidth, etc.

    Works great. However, it's very demanding and it simply can't serve
    the data as quickly as a static image in a browsable location.

    So my question is, is there any way the file can be static (as in, not
    dynamically created with a custom header) and still have all of my
    custom security and bandwidth code?

    Flickr allows you to make a file private. Yet, if you happen to find
    out the URL, anyone can browse it! I mean, it would be impossible to
    guess the URL but if it ever got out then you couldn't prevent people
    from looking unless you deleted and re-uploaded.

    I don't really want to go that route.

    Thanks
    cbmeeks

    Tags: None
    • ZeldorBlat
      #2
      Re: Securing public images

      On Jun 18, 2:22 pm, cbmeeks <cbme...@gmail. comwrote:
      I have a photo sharing site that takes a photo once it is uploaded and
      copies it to a NON browsable location so that it can not be browsed
      directly.
      >
      Then, when you want to view it, I load it in PHP and send down the
      custom header. That way, I can control security, bandwidth, etc.
      >
      Works great. However, it's very demanding and it simply can't serve
      the data as quickly as a static image in a browsable location.
      >
      So my question is, is there any way the file can be static (as in, not
      dynamically created with a custom header) and still have all of my
      custom security and bandwidth code?
      >
      Flickr allows you to make a file private. Yet, if you happen to find
      out the URL, anyone can browse it! I mean, it would be impossible to
      guess the URL but if it ever got out then you couldn't prevent people
      from looking unless you deleted and re-uploaded.
      >
      I don't really want to go that route.
      >
      Thanks
      cbmeeks
      When you say "it's very demanding and it simply can't serve the data
      as quickly as a static image in a browsable location" what evidence do
      you have? Have you run any tests using a profiler to see what the
      problem might be? Do you really have that much traffic, or are you
      "planning" for the future?

        Comment

        • cbmeeks
          #3
          Re: Securing public images

          When you say "it's very demanding and it simply can't serve the data
          as quickly as a static image in a browsable location" what evidence do
          you have? Have you run any tests using a profiler to see what the
          problem might be?
          Well, you got me there. No. Not exhaustive tests. I can notice a
          difference. Maybe not much of one but it's there. Plus, doesn't PHP
          have to load the entire image (or at least some of it) before it
          streams it to the browser? In other words, wouldn't there be more
          memory requirements vs serving it out directly?
          Do you really have that much traffic, or are you
          "planning" for the future?
          Mostly planning. I usually load a server up pretty heavy...as in, it
          has to do a lot of work...CPU intensive so every little bit helps.



            Comment

            • ZeldorBlat
              #4
              Re: Securing public images

              On Jun 18, 2:35 pm, cbmeeks <cbme...@gmail. comwrote:
              When you say "it's very demanding and it simply can't serve the data
              as quickly as a static image in a browsable location" what evidence do
              you have? Have you run any tests using a profiler to see what the
              problem might be?
              >
              Well, you got me there. No. Not exhaustive tests. I can notice a
              difference. Maybe not much of one but it's there. Plus, doesn't PHP
              have to load the entire image (or at least some of it) before it
              streams it to the browser? In other words, wouldn't there be more
              memory requirements vs serving it out directly?
              >
              Do you really have that much traffic, or are you
              "planning" for the future?
              >
              Mostly planning. I usually load a server up pretty heavy...as in, it
              has to do a lot of work...CPU intensive so every little bit helps.
              Read this article, specifically Tip #5:

              <http://www.ibm.com/developerworks/li...-code/?ca=dgr-
              FClnxw01linuxco detips>

              How exactly are you reading/sending the image out? The way you're
              doing it can certainly have an effect on performance.

                Comment

                • cbmeeks
                  #5
                  Re: Securing public images

                  I will check that link out..thanks
                  How exactly are you reading/sending the image out? The way you're
                  doing it can certainly have an effect on performance.
                  Something like:

                  header ("Content-Type: image/jpeg");
                  if( $is_thumb == 1 )
                  readfile ($photo->file_path . $thumbprefix . $photo->file_name);
                  else
                  readfile ($photo->file_path . $photo->file_name);
                  exit ();


                    Comment

                    • Toby A Inkster
                      #6
                      Re: Securing public images

                      cbmeeks wrote:
                      Works great. However, it's very demanding and it simply can't serve
                      the data as quickly as a static image in a browsable location.
                      Don't worry about performance too much until it actually becomes a real
                      problem -- Google for "premature optimisation".

                      One way you might be able to speed up your site is eAccelerator, which
                      keeps compiled versions of your PHP scripts in a RAM (or disk) cache,
                      which tends to speed up most websites fairly significantly (20%+).

                      Also, if you're performing SQL queries to check access rights, look at
                      optimising them -- make sure you're not fetching data that you don't need
                      ("SELECT * FROM" is a sign that you might be doing that).

                      --
                      Toby A Inkster BSc (Hons) ARCS
                      [Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
                      [OS: Linux 2.6.12-12mdksmp, up 115 days, 15:44.]

                      dict, thes & ency
                      Page not found - Tobyinkster
                      http://tobyinkster.co.uk/blog/2007/06/18/dict-thes-ency/

                        Comment

                        Previous template Next
                        Working...